3

I have many EJBs with my business methods. These methods use @RolesAllowed annotation to check if user can execute this method.

So I have an EJB Scheduler that calls these EJB methods. EJB schedulers runs with anonymous user, so authorization fails.

How I can run my schedulers with other role? For testing proposes, I run with @RunAs("SYSTEM") annotation, but I don't know if this is right.

My scheduler class

@RunAs("SYSTEM")
public class InboxScheduler {
    protected void inboxFileScan(Timer t) {
        receiptFilesService.receiptFiles();
    }
}

My EJB class

@RolesAllowed("SYSTEM")
public void receiptFiles() {
    // do anything
}
Otávio Garcia
  • 1,372
  • 1
  • 15
  • 27

1 Answers1

2

Yes, that's a right use.

The section 12.3.4.1 of the EJB 3.2 specification says that all methods of your bean (including timeout callback methods) will have the identity defined in run-as.

From spec: The run-as identity applies to the enterprise bean as a whole, that is, to all methods of the enterprise bean’s business, home, and component interfaces, no-interface view, and/or web service endpoint; to the message listener methods of a message-driven bean; and to the timeout callback methods of an enterprise bean; and all internal methods of the bean that they might in turn call.

OndroMih
  • 7,280
  • 1
  • 26
  • 44
victor herrera
  • 1,006
  • 9
  • 7