About Question enthuware.oce-ejbd.v6.2.533 :
Moderators: Site Manager, fjwalraven
-
- Posts: 25
- Joined: Thu Aug 04, 2011 10:36 am
- Location: Poland
- Contact:
About Question enthuware.oce-ejbd.v6.2.533 :
Howdy!
I guess that in case of multichoice questions, the 'none of the above' answer doesn't make any sense at all.
Cheers!
I guess that in case of multichoice questions, the 'none of the above' answer doesn't make any sense at all.
Cheers!
-
- Site Admin
- Posts: 10036
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
Yes, it can be removed.
thanks for your feedback!
thanks for your feedback!
If you like our products and services, please help us by posting your review here.
-
- Posts: 429
- Joined: Tue Jul 24, 2012 2:43 am
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
I don't know when this comment will be dealt with but I still see the option "None of the above." where two options are requested.
Regards,
Frits
Regards,
Frits
-
- Site Admin
- Posts: 10036
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
Fixed in v 2.39
HTH,
Paul.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
-
- Posts: 55
- Joined: Thu Jan 03, 2013 7:51 am
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
the explanation to third option says that :
These methods will return the values a per the "run-as" configuration of the bean.
this is not true since getCallerPrincipal from onMessage will return the containers representation(anonymous in case of glassfish) of unauthenticated identity. run-as principal will be visible in the calls made from the onMessage method.
These methods will return the values a per the "run-as" configuration of the bean.
this is not true since getCallerPrincipal from onMessage will return the containers representation(anonymous in case of glassfish) of unauthenticated identity. run-as principal will be visible in the calls made from the onMessage method.
-
- Site Admin
- Posts: 10036
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
As per Section 17.4.3.1:
HTH,
Paul.
This means that the bean method itself runs as if it is run by the run-as role.17.3.4.1 Run-as
The Bean Provider can use the RunAs metadata annotation or the Bean Provider or Application Assembler can use the run-as deployment descriptor element to define a run-as identity for an enterprise bean in the deployment descriptor. The run-as identity applies to the enterprise bean as a whole, that is, to all methods of the enterprise bean’s business, home, and component interfaces, no-interface view, and/or web service endpoint; to the message listener methods of a message-driven bean; and to the timeout callback methods of an enterprise bean; and all internal methods of the bean that they might in turn call.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
-
- Posts: 55
- Joined: Thu Jan 03, 2013 7:51 am
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
admin wrote:As per Section 17.4.3.1:This means that the bean method itself runs as if it is run by the run-as role.17.3.4.1 Run-as
The Bean Provider can use the RunAs metadata annotation or the Bean Provider or Application Assembler can use the run-as deployment descriptor element to define a run-as identity for an enterprise bean in the deployment descriptor. The run-as identity applies to the enterprise bean as a whole, that is, to all methods of the enterprise bean’s business, home, and component interfaces, no-interface view, and/or web service endpoint; to the message listener methods of a message-driven bean; and to the timeout callback methods of an enterprise bean; and all internal methods of the bean that they might in turn call.
HTH,
Paul.
you are right paul, but the explanation says that from within the bean class which is annotated as RunAs
if we do getCallerPrincipal we will get the whatever principal assigned to RunAs role. this is not true. the run as principal will only be visible to beans which ARE CALLED from the bean annotated with RunAs annotation
-
- Site Admin
- Posts: 10036
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
I do not agree with that. It applies to the execution of that method itself as well. Section 17.1 says this:
HTH,
Paul.
This means the execution of the method itself runs as the "run-as" identity. So getCallerPrincipal should return the run-as identity.The security principal under which a method invocation is performed is typically that of the component’s caller. By specifying a run-as identity, however, it is possible to specify that a different principal be substituted for the execution of the methods of the bean’s business interface, no-interface view, homeinterface, component interface, and/or web service endpoint and any methods of other enterprise beans that the bean may call.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
-
- Posts: 55
- Joined: Thu Jan 03, 2013 7:51 am
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
admin wrote:I do not agree with that. It applies to the execution of that method itself as well. Section 17.1 says this:This means the execution of the method itself runs as the "run-as" identity. So getCallerPrincipal should return the run-as identity.The security principal under which a method invocation is performed is typically that of the component’s caller. By specifying a run-as identity, however, it is possible to specify that a different principal be substituted for the execution of the methods of the bean’s business interface, no-interface view, homeinterface, component interface, and/or web service endpoint and any methods of other enterprise beans that the bean may call.
HTH,
Paul.
no getCallerPrincipal wont return run-as identity. it will return whatever identity invoked the bean. i just tested it again to reconfirm this
-
- Site Admin
- Posts: 10036
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.533 :
You are right. Section 17.2.5.1 says,
thank you for your feedback!
this has now been fixed.Note that getCallerPrincipal returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any.
thank you for your feedback!
If you like our products and services, please help us by posting your review here.
Who is online
Users browsing this forum: No registered users and 33 guests