Posted to dev@tomee.apache.org by BenD <be...@baesystems.com> on 2011/08/02 03:41:23 UTC

isCallerInRole without using annotations (@DeclareRoles, @RolesAllowed)

I have a problem that seems to be related to the following post; however, the
temporary workaround isn't useful for our solution:

http://openejb.979440.n4.nabble.com/JUnit-Sessioncontext-isCallerInRole-allways-returns-false-td3257408.html

My problem is that at configuration time we want to be able to add
"groups" without having them defined in the @DeclareRoles (or any of the
other annotations, e.g. @RolesAllowed), as this would require recompiling
code each time new groups are added.

I am using OpenEJB 3.1.4.


See below for the code showing what I am attempting to achieve: 

*MyTestBeanLocal.java: *

import javax.ejb.Local;

@Local
public interface MyTestBeanLocal {

    boolean hasRole(String role);

}

*MyTestBean.java: *

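import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"users"})
public class MyTestBean implements MyTestBeanLocal {

    @Resource
    private SessionContext sessionContext;

    // Delegates the role check to the container's security context.
    public boolean hasRole(final String role) {
        return this.sessionContext.isCallerInRole(role);
    }

}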


*MyTestCase.java: *

import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;

import org.junit.Test;

public class MyTestCase {

    @Test
    public void test1() throws Exception {

        Properties p = new Properties();
        p.put( Context.INITIAL_CONTEXT_FACTORY,
                "org.apache.openejb.client.LocalInitialContextFactory" );

        // Log in as User1 against the properties-file login realm.
        p.put( "java.naming.security.principal", "User1" );
        p.put( "java.naming.security.credentials", "password1" );
        p.put( "openejb.authentication.realmName", "PropertiesLogin" ); // optional

        final InitialContext ctx = new InitialContext( p );

        final MyTestBeanLocal myTest = (MyTestBeanLocal) ctx.lookup("MyTestBeanLocal");

        System.out.println("Is in 'users'? " + myTest.hasRole("users"));
        System.out.println("Is in 'GroupOne'? " + myTest.hasRole("GroupOne"));
    }

}


*users.properties:*

User1=password1
User2=password2

*groups.properties:*

users=User1,User2
GroupOne=User1

*Output:*
Is in 'users'? true 
Is in 'GroupOne'? false


I have attempted to modify my META-INF/ejb-jar.xml but this has no effect on
the output:

*Original:*
<ejb-jar/>

*Modified:*

<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0"
metadata-complete="false">

    <assembly-descriptor>
        <security-role>
            <description>The Group 1 Role</description>
            <role-name>GroupOne</role-name>
        </security-role>
    </assembly-descriptor>
</ejb-jar>



--
View this message in context: http://openejb.979440.n4.nabble.com/isCallerInRole-without-using-annotations-DeclareRoles-RolesAllowed-tp3711169p3711169.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.
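
Added example, not part of the original post: under the EJB 3.0 specification, the deployment-descriptor counterpart of @DeclareRoles for role names a bean passes to isCallerInRole is a security-role-ref entry under that bean, which the modified ejb-jar.xml above does not contain. The descriptor below adds one for MyTestBean; it assumes the default EJB name, and whether OpenEJB 3.1.4 then returns true for GroupOne is not established in this thread.

```xml
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0"
         metadata-complete="false">

    <enterprise-beans>
        <session>
            <!-- Assumption: the bean uses its default EJB name, i.e. the
                 simple class name, since @Stateless carries no name attribute. -->
            <ejb-name>MyTestBean</ejb-name>

            <!-- Declares a role name that the bean's code passes to
                 isCallerInRole(), as @DeclareRoles does in annotations. -->
            <security-role-ref>
                <role-name>GroupOne</role-name>
                <!-- Optional: links the name used in code to the
                     security-role declared in the assembly descriptor. -->
                <role-link>GroupOne</role-link>
            </security-role-ref>
        </session>
    </enterprise-beans>

    <assembly-descriptor>
        <security-role>
            <description>The Group 1 Role</description>
            <role-name>GroupOne</role-name>
        </security-role>
    </assembly-descriptor>
</ejb-jar>
```

Roles declared this way are added by editing and repackaging the descriptor, with no change to the compiled bean class.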