Hi,
I'm not clear about the sentence:
"If the security identity has not been established getCallerPrincipal() will return a non-null principal that corresponds to container’s representation of the unauthenticated identity."
But as the specification describes, the getCallerPrincipal() corresponds to the caller principal and not the run-as principal, if any, so the MDB caller will be the container and the caller would be something as "ANONYMOUS" or not-null.
I am not sure if the security identity can, in fact, be established for an MDB call.
Regards,
DF
About Question enthuware.oce-ejbd.v6.2.533 :
Re: About Question enthuware.oce-ejbd.v6.2.533 :
Can you tell me where the specification says what you have quoted, "But as the specification describes, the getCallerPrincipal() corresponds to the caller principal and not the run-as principal, if any, so the MDB caller will be the container and the caller would be something as "ANONYMOUS" or not-null."
The statement given in the explanation is not talking about run-as principal either. It is talking about whatever principal corresponds to "container’s representation of the unauthenticated identity", which could be anonymous also. Depends on the container.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
Re: About Question enthuware.oce-ejbd.v6.2.533 :
Section 17.2.5.1 from the spec.
"Note that getCallerPrincipal returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."
Anyway, regarding your answer, there is no security identity to be established for an MDB because they are called from the container, is that true?
Regards,
DF
Re: About Question enthuware.oce-ejbd.v6.2.533 :
No, as per Section 5.4.13:
"A caller principal may propagate into a message-driven bean’s message listener methods. Whether this occurs is a function of the specific message-listener interface and associated messaging provider, but is not governed by this specification.
The Bean Provider can use the @RunAs metadata annotation (or corresponding deployment descriptor element) to define a run-as identity for the enterprise bean. The run-as identity applies to the bean’s message listener methods and timeout methods."
Thus, the getCallerPrincipal will not return null but whatever it returns depends on how the container implements this feature.
Hope this is clear.
Re: About Question enthuware.oce-ejbd.v6.2.533 :
It is clear what you transcribed from the spec but it is not in accordance with your justification in the question:
"A caller principal may propagate into a message-driven bean’s message listener methods. Whether this occurs is a function of the specific message-listener interface and associated messaging provider, but is not governed by this specification."
It is possible for some JMS provider implementation but is not governed by this specification and is not even a requirement.
"The Bean Provider can use the @RunAs metadata annotation (or corresponding deployment descriptor element) to define a run-as identity for the enterprise bean. The run-as identity applies to the bean’s message listener methods and timeout methods."
The Bean Provider can set roles for the MDB methods to call other methods.
Re: About Question enthuware.oce-ejbd.v6.2.533 :
I am not sure where "RunAs" is getting into the picture here. The sentence that you quoted in your first post, "If the security identity has not been established getCallerPrincipal() will return a non-null principal that corresponds to container’s representation of the unauthenticated identity.", is correct. This sentence is not talking about RunAs. It is talking about "container’s representation of the unauthenticated identity". So I am not sure why you think it is incorrect or not clear.
HTH,
Paul.
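An added example, not code from the thread, the question bank or the EJB specification, that puts the two spec passages quoted above side by side: inside the MDB, getCallerPrincipal() is non-null and unaffected by @RunAs, while a bean called by the MDB sees the run-as identity as its caller. The class names, the queue name `jms/OrderQueue` and the role `order-processor` are assumptions, and which principal the container maps to the run-as role is set in container-specific deployment configuration.

```java
// File: OrderListener.java (hypothetical MDB; queue and role names are assumptions)
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.MessageDriven;
import javax.ejb.MessageDrivenContext;
import javax.jms.Message;
import javax.jms.MessageListener;

@MessageDriven(mappedName = "jms/OrderQueue")
@RunAs("order-processor")
public class OrderListener implements MessageListener {
    @Resource private MessageDrivenContext ctx;
    @EJB private OrderService service;

    @Override
    public void onMessage(Message message) {
        // Non-null even when no security identity was established, so a null
        // check is not an authentication check. The name is container-specific;
        // do not compare it with a hard-coded string such as "ANONYMOUS".
        Principal caller = ctx.getCallerPrincipal();
        // @RunAs does not change what getCallerPrincipal() returns here;
        // it only sets the identity used for the call below.
        service.process(caller.getName());
    }
}

// File: OrderService.java (hypothetical downstream bean, no-interface view)
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class OrderService {
    @Resource private SessionContext ctx;

    @RolesAllowed("order-processor")
    public void process(String callerSeenByListener) {
        // Here the caller is the MDB, so this is the principal the container
        // mapped to the run-as role, not the sender of the JMS message.
        String runAsPrincipal = ctx.getCallerPrincipal().getName();
        System.out.printf("MDB saw caller=%s, service saw caller=%s%n",
                callerSeenByListener, runAsPrincipal);
    }
}
```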