Can't get @RunAs to work in an EJB

妖精的绣舞 submitted on 2019-11-28 06:17:11

Question


This is a follow-up to User context for @Startup EJB on websphere

I have the following scenario:

EJB 1:

@WebService( ... )
@Local(SomeLocalServiceType.class)
@Stateless
@RolesAllowed("SomeRole")
public class SomeServiceBean implements SomeLocalServiceType {

    ...

    @Override
    public void someMethodInSomeLocalServiceType() { ... }

    ...
}

EJB 2:

@Startup
@Singleton
@RunAs("SomeRole")
public class PIRSingletonEJB {

        @EJB
        private SomeLocalServiceType service; 

        ...

        @PostConstruct
        public void performStartupAction() { 
            service.someMethodInSomeLocalServiceType();
        }

}

In short: I have one EJB requiring a role "SomeRole", and a startup EJB using @RunAs to use that role.

As far as I understand @RunAs, this should work.

However, I get the following Exception (class and role names changed to match my example):

javax.ejb.NoSuchEJBException: An error occurred during initialization of singleton session bean MY_Appl#myappl-ejb.jar#PIRSingletonEJB, resulting in the discarding of the singleton instance.; nested exception is: javax.ejb.EJBAccessException: SECJ0053E: Authorization failed for wasldaphost:389/SOMEUSER while invoking (Bean)MY_Appl#myappl-ejb.jar#SomeServiceBean someMethodInSomeLocalServiceType::3  is not granted any of the required roles: SomeRole
Caused by: javax.ejb.EJBAccessException: SECJ0053E: Authorization failed for wasldaphost:389/SOMEUSER while invoking (Bean)MY_Appl#myappl-ejb.jar#SomeServiceBean someMethodInSomeLocalServiceType::3  is not granted any of the required roles: SomeRole

Is this just a misunderstanding on my part of how this should work?

I am using WebSphere 8.0.0.9


Answer 1:


You have to do two things:

  • In the admin console, in the Security role to user mapping, you have to add your SOMEUSER to SomeRole.
  • Then, in the RunAs role mapping, you have to specify one particular user from SomeRole (in your case SOMEUSER) and provide a password for him.

Both settings are required, because the container must have a userid and password for the RunAs, and that user must also be a valid user for the role that should be used. (You cannot run just as a role; it must be a specific user that has that role.)

PS. I don't have the console at hand, so the links might be named a bit differently in the console, but you should get the idea.

For more details check Assigning users to RunAs roles



Source: https://stackoverflow.com/questions/33118280/cant-get-runas-to-work-in-an-ejb
