In EJB 1.1., how do I ensure that while any client can access EJB A, only EJB A should be allowed to access EJB B? ie my client cannot access EJB B directly.

Created May 7, 2012

Alessandro A. Garbagnati

(Keeping in mind that 1.1 version does not support run_as_mode)

Hi,
Maybe this it's just a silly idea, but can't you just limit the access to EJB B inside the deployment descriptor, using the <method-permission> tag?

<method-permission>
 <role-name>guest</role-name>
 <method>
  <ejb-name>EJB_A</ejb-name>
  <method-name>*</method-name>
 </method>
</method-permission>
<method-permission>
 <role-name>administrators</role-name>
 <method>
  <ejb-name>EJB_B</ejb-name>
  <method-name>*</method-name>
 </method>
</method-permission>

This should not allow anyone without the administrator permissions to access to the EJB_B, and I think that you can set the context inside EJB_A to be in that security level.

Post a comment

Email Article

Print Article

Most Popular jGuru Stories

Editor's Picks

Most Popular

The Java Game Development Tutorial

Files and Directories in Java

Load Testing your Applications with Apache JMeter

Unit Testing Java Programs

Using SOAP with Java