3
votes

In my EJB 3 I try to test for the roles of the principal but it always returns false.

In my WebLogic 11g Console I defined under "MyDomain" -> "Security Realms" -> "myrealm" -> "Users and Groups" 3 users (user1, user2 & user3) and 2 groups (role1 & role2); role1 has user1 & user3, role2 has user2 & user3.
My EJB has no further security defined (no @RolesAllowed, etc. or entries in DDs).

When I test in my EJB for the presence of roles with sessionContext.isCallerInRole(role); it always returns false. If I call sessionContext.getCallerPrincipal().getName(); I do get the correct user ID.

What am I doing wrong?

2
It might help to know which exact version of WebLogic 11g you have. I have recent, sharp, and unpleasant experience that EJB and JAX-WS behavior and bugs are sharply different between the various editions of WebLogic labeled 10.3.0, 10.3.1, 10.3.3 and 10.3.4, all but the first labeled 11g. - mezmo
It's WebLogic Server Version: 10.3.4.0 - Koohoolinn

2 Answers

0
votes

Have you declared your role using either @DeclareRoles or ? If I read the spec correctly, section 17.2.5.3 seems to mandate that you have to declare any role names that you use when calling isCallerInRole() through one or the other mechanism.
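
The annotation route mentioned in the answer above, written out as an added example that is not part of the original answer or the asker's code. `RoleProbe` and `RoleProbeBean` are hypothetical names; `role1` and `role2` are the names from the question. How the WebLogic groups map onto these declared roles depends on the deployment's role mapping, which the page does not show.

```java
// RoleProbe.java (hypothetical business interface; EJB 3.0 session beans need one)
import javax.ejb.Local;

@Local
public interface RoleProbe {
    String describeCaller();
}

// RoleProbeBean.java (hypothetical bean)
import java.util.ArrayList;
import java.util.List;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
// Declare every role name that is later passed to isCallerInRole().
@DeclareRoles({"role1", "role2"})
public class RoleProbeBean implements RoleProbe {

    // Keep the checked names in one place so they match the declaration above.
    private static final String[] DECLARED_ROLES = {"role1", "role2"};

    @Resource
    private SessionContext sessionContext;

    // Returns the caller's name and the declared roles the container
    // reports for that caller, e.g. for logging while diagnosing the mapping.
    public String describeCaller() {
        String user = sessionContext.getCallerPrincipal().getName();
        List<String> held = new ArrayList<String>();
        for (String role : DECLARED_ROLES) {
            if (sessionContext.isCallerInRole(role)) {
                held.add(role);
            }
        }
        return user + " -> " + held;
    }
}
```

An empty list for a user who is authenticated correctly means the name resolves but the container maps none of the declared roles to that principal, which narrows the problem to the role mapping rather than to authentication.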

0
votes

If your sessionContext is injected, specifying the authentication Type as Container in the @Resource annotation worked for me. E.g.:

@Resource(authenticationType=AuthenticationType.CONTAINER)
private SessionContext sessionCtx;