Search code examples
jax-rsejbjava-ee-7glassfish-4.1

Unable to populate BD whit ConfigBean and @RunAs

I'm using ConfigBean in order to populate my BD, like so:

@Singleton
@Startup 
@RunAs("Administrator")
public class ConfigBean {

    @EJB
    private ClientBean clientBean;

    @EJB
    private AdministratorBean adminstratorBean;

    @PostConstruct
    public void populateDB() {
        try{
            clientBean.create(new ClientDTO("client1", "secret", "Manuel", "[email protected]", "Av. José Maceda", "918 923 232"));
            clientBean.create(new ClientDTO("client2", "secret", "Manuel", "[email protected]", "Av. Alberto Alves", "+00351 256 0033 12"));
            adminstratorBean.create(new AdministratorDTO("administrator1", "secret", "Manuel", "[email protected]", "Director"));
        }catch(Exception ex){
            System.out.println(ex);
        }
    }

Both my beans look like so:

@POST
@RolesAllowed("Administrator")
@Consumes(MediaType.APPLICATION_XML)
@Produces(MediaType.APPLICATION_XML)
public Response create(AdministratorDTO administratorDTO){...}

As for my web.xml:

...
<login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>dae_project_realm</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>Client</role-name>
    </security-role>
    <security-role>
        <role-name>Administrator</role-name>
    </security-role>
</web-app>

Everything seems ok. However, when I run the application and the method populateDB is called, I keep getting the error:

javax.ejb.AccessLocalException: Client not authorized for this invocation

I saw a few interesting links, but I still couldn't get it to work:

Solution

  • In order to use @RunAs, we need to create a user of that role. For that, you need to do the following steps.

    1. Open GlashFish in Admin Console
    2. Open Configurations>server-config>security>realms
    3. Click on file enter image description here
    4. Click on Manage Users enter image description here
    5. Click in New
    6. Create the User like so: enter image description here

    7. Update @RunAs to use the new created user:

      @Singleton
@Startup 
@RunAs("BOB") //BOB belongs to the desired group 
public class ConfigBean {

    @EJB
    private ClientBean clientBean;

    @EJB
    private AdministratorBean adminstratorBean;

    @PostConstruct
    public void populateDB() {
        try{
            clientBean.create(new ClientDTO("client1", "secret", "Manuel", "[email protected]", "Av. José Maceda", "918 923 232"));
            clientBean.create(new ClientDTO("client2", "secret", "Manuel", "[email protected]", "Av. Alberto Alves", "+00351 256 0033 12"));
            adminstratorBean.create(new AdministratorDTO("administrator1", "secret", "Manuel", "[email protected]", "Director"));
        }catch(Exception ex){
            System.out.println(ex);
        }
    }