
My EJB timer always runs with the UNAUTHENTICATED user. I tried to put `@RunAs` but it did not work. I tried to change the value with reflection and that did not work either. I need to call a remote EJB from this timer and I need a user that has permission.

```java
@Resource
private SessionContext context;

@Schedule(second = "*/5", minute = "*", hour = "*", persistent = false)
public void executa() {

    // Attempt to overwrite the caller principal's name via reflection.
    // getField(...) is a helper that is not shown in the question.
    Principal callerPrincipal = context.getCallerPrincipal();
    final Field field = getField(callerPrincipal.getClass(), "name");
    field.setAccessible(true);

    try {
        field.set(callerPrincipal, "MYUSER");
    } catch (IllegalAccessException e) {
        e.printStackTrace();
    }

    this.iMyRemoteEjb.doWork();
}
```
Gustavo Rozolin
  • Using `@RunAs` should work, so if it doesn't, you should open a PMR with IBM. – Brett Kail Jun 13 '15 at 17:41
  • @bkail thanks for your comment, if I use `@RunAs("ADMIN")` when I call `callerPrincipal.getName()` should I get "ADMIN"? – Gustavo Rozolin Jun 15 '15 at 14:00
  • Maybe, but probably not. The argument to `@RunAs` is a role name, but when you deploy the application, you select which actual identity the EJB should run as. Unless your actual identity has the same name as the role name you select, it will be different. `SessionContext.isCallerInRole("ADMIN")` should be true, though. – Brett Kail Jun 15 '15 at 14:36
  • hmm, is there any way to set a callerPrincipal? – Gustavo Rozolin Jun 15 '15 at 14:40
  • There's no standard/portable way, but in WebSphere Application Server you can use the WSSubject API. There are many topics discussing WSSubject in the knowledge center, but here's one with an example: https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/xsec_wsloginbasicauth.html – Brett Kail Jun 15 '15 at 14:51
  • Did you remember to enable application security? – Gas Jun 15 '15 at 15:20
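
The two routes the comments mention, side by side, as an added example that is not part of the thread or of IBM's documentation: a declarative `@RunAs` role on the timer bean, and a WebSphere-only programmatic login with `WSSubject.doAs`. `TimerBean`, `MyRemoteEjb`, `executaAs` and the way the credentials reach the method are assumptions; it needs the Java EE and WebSphere security APIs on the classpath.

```java
import java.security.PrivilegedExceptionAction;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Schedule;
import javax.ejb.Singleton;
import javax.security.auth.login.LoginContext;

import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;

// Stand-in for the question's remote interface (assumption); in a real
// module this is the existing public remote business interface.
interface MyRemoteEjb { void doWork(); }

@Singleton
@DeclareRoles("ADMIN")
@RunAs("ADMIN") // a role name; the actual user is bound to it at deployment
public class TimerBean {

    @EJB
    private MyRemoteEjb iMyRemoteEjb;

    // Route 1 (portable): calls made from this bean carry the run-as
    // identity, so the callee can enforce @RolesAllowed("ADMIN").
    @Schedule(second = "*/5", minute = "*", hour = "*", persistent = false)
    public void executa() {
        iMyRemoteEjb.doWork();
    }

    // Route 2 (WebSphere-specific): authenticate through the "WSLogin" JAAS
    // configuration and run the call under the resulting Subject.
    // Credentials are passed in by the caller (assumption: fetched from a
    // protected store, never hard-coded).
    void executaAs(String user, String password) throws Exception {
        LoginContext lc = new LoginContext("WSLogin",
                new WSCallbackHandlerImpl(user, password));
        lc.login(); // throws LoginException if authentication fails
        WSSubject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() {
                iMyRemoteEjb.doWork();
                return null;
            }
        });
    }
}
```

Neither route touches the `Principal` object itself: the identity change goes through the container's own authentication and role mapping, which is what the callee's authorization checks evaluate.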

0 Answers