Could you please clarify this for me? The provided answer states that "the caller's identity propagates to the target bean". We can, on the other hand, specify @RunAs, and then the container will supply another principal as the target bean's caller.
Do you mean to say that even when running under @RunAs, the target bean can obtain the caller's "true" identity?
About Question enthuware.oce-ejbd.v6.2.407 :
Moderators: Site Manager, fjwalraven
-
- Site Admin
- Posts: 10075
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.407 :
If you specify @RunAs, then caller identity becomes the one specified in RunAs, which is what is passed on to the target bean.
But I think it should be made clear in the question to avoid this confusion.
thank you for your feedback!
But I think it should be made clear in the question to avoid this confusion.
thank you for your feedback!
If you like our products and services, please help us by posting your review here.
Re: About Question enthuware.oce-ejbd.v6.2.407 :
I am looking forward to the new phrasing.
Just want to check my understanding: suppose we have a user WebUser calling the bean method WebBean.doIt(), which in its turn calls BackBean.doItYourself(). If BackBean is marked with @RunAs("BackUser"), it will receive BackUser as its principal. And from within WebBean.doIt() I don't even have an easy way to find out the name of BackUser, nor can I find the name of WebUser from inside BackBean. Is this correct? Doesn't sound like "propagation" to me.
Just want to check my understanding: suppose we have a user WebUser calling the bean method WebBean.doIt(), which in its turn calls BackBean.doItYourself(). If BackBean is marked with @RunAs("BackUser"), it will receive BackUser as its principal. And from within WebBean.doIt() I don't even have an easy way to find out the name of BackUser, nor can I find the name of WebUser from inside BackBean. Is this correct? Doesn't sound like "propagation" to me.
-
- Site Admin
- Posts: 10075
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.oce-ejbd.v6.2.407 :
No, BackBean receives original user but it runs as BackUser, so if BankBean calls another BackBackBean, then BackBackBean will receive BackUser instead of the original user.Guest wrote:I am looking forward to the new phrasing.
Just want to check my understanding: suppose we have a user WebUser calling the bean method WebBean.doIt(), which in its turn calls BackBean.doItYourself(). If BackBean is marked with @RunAs("BackUser"), it will receive BackUser as its principal. And from within WebBean.doIt() I don't even have an easy way to find out the name of BackUser, nor can I find the name of WebUser from inside BackBean. Is this correct? Doesn't sound like "propagation" to me.
Propagation of the original caller role is the default behavior. If you want to override it, the specification allows you to do that using @RunAs.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
Who is online
Users browsing this forum: No registered users and 6 guests