0

I'm running GlassFish Server 4.1 and I want to call a method periodically so I am using @Schedule, the method requires a role so I added @RunAs to the class. But no matter how I try I can not get this to work. 

@Singleton
@Startup
@RunAs("Tool")
public class Test {
    @Resource 
    private SessionContext ctx;

    @Schedule(minute = "*/1", hour = "*")
    public void checkExpiringAgreements() {
        System.out.println("Has role Tool: " + ctx.isCallerInRole("Tool"));
    }
}

This runs every minute, but it prints:

Info:   Has role Tool: false

If I had any hair I'd be tearing it out right now. Why doesn't this work?

cptcactus
  • 212
  • 1
  • 5
  • I wonder if Glassfish requires additional configuration is required for the Tool role to specify which specific identity should be used. I know WebSphere Application Server does: – Brett Kail Nov 10 '15 at 19:08
  • Try declaring your role in class by `@DeclareRoles({"Tool"})`. – Geinmachi Nov 10 '15 at 19:21

2 Answers2

0

Check the security realm and make sure the principal has the role you are setting in the @RunAs:

1) From @RunAs javadoc: "The role must map to the user / group information in the containers security realm".

2) From EJB 3.2 spec.: "Establishing a run-as identity for an enterprise bean does not affect the identities of its callers, which are the identities tested for permission to access the methods of the enterprise bean."

Note: because the Bean Developer / Application Assembler don't usually know about the security configuration details, they can set a "logical" role so that the Deployer will later know how to set it in the groups-roles-users mapping.

fidudidu
  • 399
  • 3
  • 10
0

For anyone who is, like me, been searching for this issue: when use use RunAs("Tool") then that role is set for outgoing calls.

So you should create a different EJB that you call and inside that EJB you will have the tool role.

thehpi
  • 5,683
  • 4
  • 17
  • 24