
About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Wed Aug 10, 2011 3:08 pm
by PedroKowalski
Howdy!

I guess that in case of multichoice questions, the 'none of the above' answer doesn't make any sense at all.

Cheers!

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sun Aug 14, 2011 8:53 am
by admin
Yes, it can be removed.

Thanks for your feedback!

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sun Oct 21, 2012 11:03 pm
by fjwalraven
I don't know when this comment will be dealt with but I still see the option "None of the above." where two options are requested.

Regards,
Frits

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Mon Oct 22, 2012 5:53 am
by admin
Fixed in v 2.39

HTH,
Paul.

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Fri Jul 19, 2013 2:14 pm
by gurpreet_asrgndu
The explanation to the third option says that:
These methods will return the values as per the "run-as" configuration of the bean.

This is not true, since getCallerPrincipal from onMessage will return the container's representation (anonymous in the case of GlassFish) of the unauthenticated identity. The run-as principal will be visible in the calls made from the onMessage method.

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sat Jul 20, 2013 12:53 pm
by admin
As per Section 17.4.3.1:
17.3.4.1 Run-as
The Bean Provider can use the RunAs metadata annotation or the Bean Provider or Application Assembler can use the run-as deployment descriptor element to define a run-as identity for an enterprise bean in the deployment descriptor. The run-as identity applies to the enterprise bean as a whole, that is, to all methods of the enterprise bean’s business, home, and component interfaces, no-interface view, and/or web service endpoint; to the message listener methods of a message-driven bean; and to the timeout callback methods of an enterprise bean; and all internal methods of the bean that they might in turn call.
This means that the bean method itself runs as if it is run by the run-as role.

HTH,
Paul.

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sun Jul 21, 2013 8:50 am
by gurpreet_asrgndu
admin wrote: As per Section 17.4.3.1:
17.3.4.1 Run-as
The Bean Provider can use the RunAs metadata annotation or the Bean Provider or Application Assembler can use the run-as deployment descriptor element to define a run-as identity for an enterprise bean in the deployment descriptor. The run-as identity applies to the enterprise bean as a whole, that is, to all methods of the enterprise bean’s business, home, and component interfaces, no-interface view, and/or web service endpoint; to the message listener methods of a message-driven bean; and to the timeout callback methods of an enterprise bean; and all internal methods of the bean that they might in turn call.
This means that the bean method itself runs as if it is run by the run-as role.

HTH,
Paul.

You are right, Paul, but the explanation says that from within the bean class which is annotated as RunAs, if we do getCallerPrincipal we will get whatever principal is assigned to the RunAs role. This is not true. The run-as principal will only be visible to beans which ARE CALLED from the bean annotated with the RunAs annotation.

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sun Jul 21, 2013 9:29 am
by admin
I do not agree with that. It applies to the execution of that method itself as well. Section 17.1 says this:
The security principal under which a method invocation is performed is typically that of the component’s caller. By specifying a run-as identity, however, it is possible to specify that a different principal be substituted for the execution of the methods of the bean’s business interface, no-interface view, home interface, component interface, and/or web service endpoint and any methods of other enterprise beans that the bean may call.
This means the execution of the method itself runs as the "run-as" identity. So getCallerPrincipal should return the run-as identity.

HTH,
Paul.

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sun Jul 21, 2013 10:56 am
by gurpreet_asrgndu
admin wrote: I do not agree with that. It applies to the execution of that method itself as well. Section 17.1 says this:
The security principal under which a method invocation is performed is typically that of the component’s caller. By specifying a run-as identity, however, it is possible to specify that a different principal be substituted for the execution of the methods of the bean’s business interface, no-interface view, home interface, component interface, and/or web service endpoint and any methods of other enterprise beans that the bean may call.
This means the execution of the method itself runs as the "run-as" identity. So getCallerPrincipal should return the run-as identity.

HTH,
Paul.

No, getCallerPrincipal won't return the run-as identity. It will return whatever identity invoked the bean. I just tested it again to reconfirm this.

Re: About Question enthuware.oce-ejbd.v6.2.533 :

Posted: Sun Jul 21, 2013 11:52 am
by admin
You are right. Section 17.2.5.1 says,
Note that getCallerPrincipal returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any.
This has now been fixed.

Thank you for your feedback!
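
The behaviour the thread settles on, as an added example that is not part of the original posts or of the Enthuware question: a message-driven bean annotated with RunAs sees its own caller from getCallerPrincipal, while a bean it calls sees the run-as identity. The bean names, the role name "processor" and the queue name are hypothetical, and which principal the container maps to the run-as role is vendor-specific configuration.

```java
// Added example (EJB 3.1, javax.* namespace); two source files shown together.
// All bean, role and destination names are hypothetical.

// ---- OrderListener.java ----
import javax.annotation.Resource;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.MessageDriven;
import javax.ejb.MessageDrivenContext;
import javax.jms.Message;
import javax.jms.MessageListener;

@MessageDriven(mappedName = "jms/OrderQueue") // hypothetical destination
@RunAs("processor")                            // hypothetical role
public class OrderListener implements MessageListener {
    @Resource private MessageDrivenContext ctx;
    @EJB private AuditBean audit;

    @Override
    public void onMessage(Message msg) {
        // Inside the RunAs bean: this is the caller of the MDB, i.e. the
        // container's unauthenticated principal, not the run-as principal.
        String here = ctx.getCallerPrincipal().getName();
        // The outbound call is performed under the run-as identity.
        audit.record("onMessage saw caller=" + here);
    }
}

// ---- AuditBean.java ----
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class AuditBean {
    @Resource private SessionContext ctx;

    // The access check is evaluated against the identity propagated by the MDB.
    @RolesAllowed("processor")
    public void record(String note) {
        // In the called bean, the caller is the MDB's run-as principal.
        String caller = ctx.getCallerPrincipal().getName();
        boolean inRole = ctx.isCallerInRole("processor");
        System.out.println(note + "; AuditBean saw caller=" + caller
                + ", inRole=" + inRole);
    }
}
```

Because the called bean authorizes against the propagated run-as identity rather than the original message sender, audit logging or access decisions that need the true originator cannot rely on getCallerPrincipal in the downstream bean.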