Enterprise Java Development

Chapter 113. run-as

113.1. Summary

Figure 113.1. Default security-identity: use-caller-identity


<enterprise-beans>
    <session>
        <ejb-name>SecurePingEJB</ejb-name>
        <security-identity>
            <use-caller-identity/>
        </security-identity>
    </session>
</enterprise-beans>

  • security-identity of bean defaults to caller identity

Figure 113.2. Run-as security-identity: role-name


<enterprise-beans>
    <session>
        <ejb-name>SecurePingClientEJB</ejb-name>
        <security-identity>
            <run-as>
                <role-name>admin</role-name>
            </run-as>
        </security-identity>
    </session>
</enterprise-beans>
<assembly-descriptor>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
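</assembly-descriptor>

import javax.annotation.security.PermitAll;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;

// @PermitAll: no role is required to call this bean.
// @RunAs("admin"): calls this bean makes to other EJBs carry the admin role
// instead of the caller's roles.
@Stateless
@PermitAll
@RunAs("admin")
public class SecurePingClientEJB
    implements SecurePingClientRemote, SecurePingClientLocal {
    @EJB(lookup="ejb:securePingEAR/securePingEJB/SecurePingEJB!info.ejava.examples.secureping.ejb.SecurePingRemote")
    SecurePingRemote securePingServer;
    // ... business methods (see Figure 113.4)
}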

  • EJB can discard caller's identity/roles and run-as a specific role

  • Requires specification of an identity (provider-specific annotation)

Figure 113.3. Run-as principal: identity


<assembly-descriptor>
    <sec:security>
        <ejb-name>*</ejb-name>
        <sec:security-domain>other</sec:security-domain>
        <sec:run-as-principal>admin1</sec:run-as-principal>
    </sec:security>
</assembly-descriptor>

  • Specifies the specific user identity to run as

  • Vendor-specific

Figure 113.4. Invoking Protected EJB through Run-as Proxy

// caller side
runAs(userLogin);
logger.info(securePing.pingAdmin());

// proxy side: SecurePingClientEJB
@RunAs("admin")   // class-level annotation, as in Figure 113.2
// ...
public String pingAdmin() {
    return securePingServer.pingAdmin();
}

-realm callback:ApplicationRealm
-name callback:user1
-password callback:password1!
-securePingClient called pingAdmin, principal=user1, isUser=true, isAdmin=false, isInternalRole=false:
securePing=called pingAdmin, principal=admin1, isUser=false, isAdmin=true, isInternalRole=true

  • user1 is allowed to call method restricted to admin when proxied by run-as EJB

  • proxy EJB sees caller as user1 and having all assigned roles

  • proxied EJB sees caller as admin1 and only having assigned admin role
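
The bullets above are the reason a run-as bean deserves review: a caller without the admin role reaches an admin-only method through it. The following script is an added example, not part of the course's own code; it reads an ejb-jar.xml and reports every bean that declares run-as together with who is allowed to call that bean. The sample descriptor, including its method-permission block, is constructed for illustration, and settings made only through annotations (@RunAs, @PermitAll) or the vendor-specific run-as-principal are outside what it checks.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: the two beans from the figures above, plus an assumed
# <method-permission> that leaves the run-as bean open to every caller.
SAMPLE_EJB_JAR = """<ejb-jar>
 <enterprise-beans>
  <session><ejb-name>SecurePingEJB</ejb-name>
   <security-identity><use-caller-identity/></security-identity></session>
  <session><ejb-name>SecurePingClientEJB</ejb-name>
   <security-identity><run-as><role-name>admin</role-name></run-as></security-identity></session>
 </enterprise-beans>
 <assembly-descriptor>
  <security-role><role-name>admin</role-name></security-role>
  <method-permission><unchecked/>
   <method><ejb-name>SecurePingClientEJB</ejb-name><method-name>*</method-name></method>
  </method-permission>
 </assembly-descriptor>
</ejb-jar>"""

UNCHECKED = "<unchecked>"  # internal marker for an <unchecked/> permission

def audit_run_as(xml_text):
    """Return (ejb-name, run-as role, who may call the bean) for each run-as bean."""
    root = ET.fromstring(xml_text)          # descriptors are trusted build inputs
    for el in root.iter():                  # drop the Java EE namespace, if present
        el.tag = el.tag.rsplit("}", 1)[-1]
    callers = {}                            # ejb-name -> caller roles, merged over methods
    for mp in root.iter("method-permission"):
        roles = {(r.text or "").strip() for r in mp.findall("role-name")}
        if mp.find("unchecked") is not None:
            roles.add(UNCHECKED)
        for m in mp.findall("method"):
            callers.setdefault(m.findtext("ejb-name", "").strip(), set()).update(roles)
    findings = []
    for bean in root.findall("enterprise-beans/*"):
        role = bean.findtext("security-identity/run-as/role-name")
        if role is None:
            continue                        # use-caller-identity: no identity switch
        name = bean.findtext("ejb-name", "").strip()
        allowed = callers.get(name)
        if allowed is None:                 # nothing declared here; annotations decide
            gate = "not declared in descriptor"
        else:
            gate = "any caller" if UNCHECKED in allowed else ",".join(sorted(allowed))
        findings.append((name, role.strip(), gate))
    return findings

if __name__ == "__main__":
    print(audit_run_as(SAMPLE_EJB_JAR))
```

A finding of "any caller" next to a privileged run-as role marks a bean whose own methods need a role restriction, since every caller it admits inherits that role on the outbound call.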