Replacement for principal name "ANONYMOUS"

mkarg
Joined: 2007-12-09

One of our MDBs invokes a SB. That SB is using getCallerPrincipal().getName(). That always returns "ANONYMOUS". How can we replace that with another user name? We provided @RunAs("System") to the MDB and mapped a single principal in glassfish-application.xml:

<security-role-mapping>
  <role-name>System</role-name>
  <principal-name>Foo</principal-name>
</security-role-mapping>

Unfortunately this has no effect; we still get "ANONYMOUS". Also, we provided a Default Principal and Default Principal Password in the admin GUI, with no effect either.

What is the correct and working way to tell GFv3.1.1_b11 that each time @RunAs("System") is used, getCallerPrincipal().getName() shall return "Foo" but not "ANONYMOUS"?

cf126330
Joined: 2005-03-29

Quote from EJB spec section 17.2.5.1, Use of getCallerPrincipal:

"Note that getCallerPrincipal returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."

lyuboe
Joined: 2007-04-26

cf126330, can you please explain what the difference is? It is not quite clear to me.

Thanks

mkarg
Joined: 2007-12-09

It means that getCallerPrincipal() will return "ANONYMOUS" in case no user was actually authenticated, even if a @RunAs annotation (or deployment descriptor entry) is provided. The @RunAs principal is only used to gain authorization, but will not be returned when calling getCallerPrincipal.

While that sounds unfeasible, it is what the spec wants and what a compliant EJB container will do.