All times are UTC - 5 hours




 Post subject: About Question enthuware.oce-ejbd.v6.2.533 :
PostPosted: Wed Dec 06, 2017 7:10 pm 
Hi,

I'm not clear about the sentence:

"If the security identity has not been established getCallerPrincipal() will return a non-null principal that corresponds to container’s representation of the unauthenticated identity."

But as the specification describes, the getCallerPrincipal() corresponds to the caller principal and not the run-as principal, if any, so the MDB caller will be the container and the caller would be something like "ANONYMOUS" or not-null.

I am not sure if the security identity can, in fact, be established for an MDB call.

Regards,
DF


 
 Post subject: Re: About Question enthuware.oce-ejbd.v6.2.533 :
PostPosted: Wed Dec 06, 2017 9:12 pm 
Site Admin
Can you tell me where the specification says what you have quoted, "But as the specification describes, the getCallerPrincipal() corresponds to the caller principal and not the run-as principal, if any, so the MDB caller will be the container and the caller would be something as "ANONYMOUS" or not-null."?

The statement given in the explanation is not talking about run-as principal either. It is talking about whatever principal corresponds to "container’s representation of the unauthenticated identity", which could be anonymous also. Depends on the container.

HTH,
Paul.


 
 Post subject: Re: About Question enthuware.oce-ejbd.v6.2.533 :
PostPosted: Thu Dec 07, 2017 7:00 am 
Section 17.2.5.1 from the spec.

"Note that getCallerPrincipal returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."

Anyway, regarding your answer, there is no security identity to be established for an MDB because they are called from the container, is it true?

Regards,
DF


 
 Post subject: Re: About Question enthuware.oce-ejbd.v6.2.533 :
PostPosted: Thu Dec 07, 2017 7:57 am 
Site Admin
No, as per Section 5.4.13:
Quote:
A caller principal may propagate into a message-driven bean’s message listener methods. Whether this occurs is a function of the specific message-listener interface and associated messaging provider, but is not governed by this specification.
The Bean Provider can use the @RunAs metadata annotation (or corresponding deployment descriptor element) to define a run-as identity for the enterprise bean. The run-as identity applies to the bean’s message listener methods and timeout methods.


Thus, the getCallerPrincipal will not return null but whatever it returns depends on how the container implements this feature.

Hope this is clear.


 
 Post subject: Re: About Question enthuware.oce-ejbd.v6.2.533 :
PostPosted: Thu Dec 07, 2017 11:14 am 
It is clear what you transcribed from the spec, but it is not in accordance with your justification in the question:

Quote:
A caller principal may propagate into a message-driven bean’s message listener methods. Whether this occurs is a function of the specific message-listener interface and associated messaging provider, but is not governed by this specification.

It is possible for some JMS provider implementation but is not governed by this specification and is not even a requirement.

Quote:
The Bean Provider can use the @RunAs metadata annotation (or corresponding deployment descriptor element) to define a run-as identity for the enterprise bean. The run-as identity applies to the bean’s message listener methods and timeout methods.

The Bean Provider can set roles for the MDB methods to call other methods.


 
 Post subject: Re: About Question enthuware.oce-ejbd.v6.2.533 :
PostPosted: Fri Dec 08, 2017 11:10 pm 
Site Admin
I am not sure where "RunAs" is getting into the picture here. The sentence that you quoted in your first post, "If the security identity has not been established getCallerPrincipal() will return a non-null principal that corresponds to container’s representation of the unauthenticated identity.", is correct. This sentence is not talking about RunAs. It is talking about "container’s representation of the unauthenticated identity". So I am not sure why you think it is incorrect or not clear.

HTH,
Paul.
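
The distinction discussed in this thread, shown as an added example that is not part of any post above or of the Enthuware question: inside the MDB, getCallerPrincipal() reports the bean's own caller, while @RunAs only changes the identity seen by beans the MDB calls. The class names, the queue name `jms/ordersQueue` and the role `order-processor` are hypothetical, the two classes belong in separate source files, and the mapping of the run-as role to a principal is container configuration that is assumed to exist.

```java
// ---- OrderListener.java (hypothetical MDB) ----
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RunAs;
import javax.ejb.*;
import javax.jms.Message;
import javax.jms.MessageListener;

@MessageDriven(mappedName = "jms/ordersQueue", activationConfig =
    @ActivationConfigProperty(propertyName = "destinationType",
                              propertyValue = "javax.jms.Queue"))
@RunAs("order-processor") // applies to calls this bean makes, not to its own caller
public class OrderListener implements MessageListener {
    @Resource private MessageDrivenContext ctx;
    @EJB private OrderService orders;

    @Override
    public void onMessage(Message msg) {
        // Non-null even when no security identity was established; the name is
        // the container's representation of the unauthenticated identity.
        Principal caller = ctx.getCallerPrincipal();
        // Do not make authorization decisions on caller.getName() here:
        // the value differs between containers and messaging providers.
        orders.process(caller.getName());
    }
}

// ---- OrderService.java (hypothetical secured session bean) ----
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class OrderService {
    @Resource private SessionContext ctx;

    @RolesAllowed("order-processor") // satisfied by the MDB's run-as identity
    public String process(String listenerCaller) {
        // Here the caller is the MDB, so this is the run-as principal.
        return "listener saw " + listenerCaller
             + ", service saw " + ctx.getCallerPrincipal().getName();
    }
}
```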

