geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Message-Driven Beans with run-as Subject
Date Tue, 20 Feb 2007 16:51:23 GMT

On Feb 19, 2007, at 9:24 PM, Aman Nanner/MxI Technologies wrote:

> I checked out the MDB interceptor stack and I do see that the
> EjbRunAsInterceptor is missing.  In order for me to add it and test  
> it out,
> I'd need to rebuild the openejb-2.2 project.  I have this checked  
> out but
> am having difficulty building it.  Is there an article out there for
> building openejb-2.2?  The main page at the openejb.org site has
> instructions on how to build openejb3, but not version 2.  I did a  
> bit of
> searching but couldn't find it...

You should have checked out

https://svn.apache.org/repos/asf/incubator/openejb/trunk/openejb2

This project builds with maven 2.0.5, and running

mvn

ought to work (after enough tries).

What problems are you seeing?

thanks
david jencks

>
> Thanks,
> Aman
>
> David Jencks <david_jencks@yahoo.com> wrote on 02-19-2007 01:50:24 PM:
>
>> It looks to me as if the mdb interceptor stack is missing the
>> EJBRunAsInterceptor which would mean that run-as wouldn't work.  I'm
>> also not seeing how any Subject such as the default subject is set
>> for an mdb call.  So I think there's a bug (would rather check the
>> spec to make sure it's supposed to work before definitely declaring a
>> bug).  Since you can't import security with an mdb from the inbound
>> message I'd think you could get almost the same result by making the
>> default subject for the mdb call your run-as subject, and this might
>> work, but I can't figure out if or how that's being set.
>>
>> If you would like to experiment you might compare the ejb containers
>> and modify the mdb one to include the EJBRunAsInterceptor at a likely
>> spot and see if it works.
>>
>> thanks
>> david jencks
>>
>> On Feb 19, 2007, at 9:10 AM, Aman Nanner/MxI Technologies wrote:
>>
>>>
>>> Hi,
>>>
>>>
>>> One Geronimo 1.2-beta, I'm running into a problem where a message-
>>> driven
>>> bean that I have is unable to access a stateless session EJB that I
>>> have,
>>> due to method permission restrictions.  This MDB is configured  
>>> with a
>>> "run-as" subject in the ejb-jar.xml which is supposed to allow it
>>> to access
>>> this restricted EJB.  I have the MDB configured similar to the
>>> following:
>>>
>>> ----
>>>       <message-driven>
>>>          <display-name>TestMDB</display-name>
>>>          <ejb-name>TestMDB</ejb-name>
>>>          <ejb-class>com.acme.ejb.TestMDB</ejb-class>
>>>          <transaction-type>Bean</transaction-type>
>>>
>>> <message-destination-type>javax.jms.Topic</message-destination-type>
>>>          <activation-config>
>>>             <activation-config-property>
>>>
>>> <activation-config-property-name>acknowledgeMode</activation-config-
>>> property-name>
>>>
>>> <activation-config-property-value>Auto-acknowledge</activation-
>>> config-property-value>
>>>             </activation-config-property>
>>>             <activation-config-property>
>>>
>>> <activation-config-property-name>messageSelector</activation-config-
>>> property-name>
>>>                <activation-config-property-value>JOB_CODE =
>>> 'FOO'</activation-config-property-value>
>>>             </activation-config-property>
>>>             <activation-config-property>
>>>
>>> <activation-config-property-name>subscriptionDurability</activation-
>>> config-property-name>
>>>
>>> <activation-config-property-value>NonDurable</activation-config-
>>> property-value>
>>>             </activation-config-property>
>>>          </activation-config>
>>>          <ejb-ref>
>>>             <ejb-ref-name>ejb/common/TestEJB</ejb-ref-name>
>>>             <ejb-ref-type>Session</ejb-ref-type>
>>>             <home>com.acme.ejb.TestHome</home>
>>>             <remote>com.acme.ejb.TestRemote</remote>
>>>             <ejb-link>TestEJB</ejb-link>
>>>          </ejb-ref>
>>>          <security-identity>
>>>             <run-as>
>>>                <role-name>TESTROLE</role-name>
>>>             </run-as>
>>>          </security-identity>
>>>       </message-driven>
>>> ----
>>>
>>> Can anybody confirm if the "run-as" functionality for MDBs works as
>>> it's
>>> supposed to in Geronimo 1.2-beta?  Am I supposed to make a further
>>> configuration to one of the geronimo or openejb descriptors, in
>>> addition to
>>> the ejb-jar.xml?
>>>
>>> Through some debugging in Eclipse, I've found that the "run-as"
>>> subject
>>> does get loaded into the MDB Deployment Context as described, but I
>>> haven't
>>> confirmed if it actually gets set as the Subject for the context.
>>>
>>> Thanks,
>>> Aman
>>>
>>> ____________________________________________________________________ 
>>> __
>>> ____________
>>> * This message is intended only for the use of the individual or
>>> entity to which it is addressed, and may contain information that
>>> is privileged, confidential and exempt from disclosure under
>>> applicable law. Unless you are the addressee (or authorized to
>>> receive for the addressee), you may not use, copy or disclose the
>>> message or any information contained in the message. If you have
>>> received this message in error, please advise the sender by reply e-
>>> mail , and delete the message, or call (collect) 001 613 747 4698. *
>>>
>>
>
> ______________________________________________________________________ 
> ____________
> * This message is intended only for the use of the individual or  
> entity to which it is addressed, and may contain information that  
> is privileged, confidential and exempt from disclosure under  
> applicable law. Unless you are the addressee (or authorized to  
> receive for the addressee), you may not use, copy or disclose the  
> message or any information contained in the message. If you have  
> received this message in error, please advise the sender by reply e- 
> mail , and delete the message, or call (collect) 001 613 747 4698. *
>


Mime
View raw message