In EJB 1.1., how do I ensure that while any client can access EJB A, only EJB A should be allowed to access EJB B? ie my client cannot access EJB B directly.

Alessandro A. Garbagnati

(Keeping in mind that 1.1 version does not support run_as_mode)

Hi,
Maybe this it's just a silly idea, but can't you just limit the access to EJB B inside the deployment descriptor, using the <method-permission> tag?

<method-permission>
 <role-name>guest</role-name>
 <method>
  <ejb-name>EJB_A</ejb-name>
  <method-name>*</method-name>
 </method>
</method-permission>
<method-permission>
 <role-name>administrators</role-name>
 <method>
  <ejb-name>EJB_B</ejb-name>
  <method-name>*</method-name>
 </method>
</method-permission>
This should not allow anyone without the administrator permissions to access to the EJB_B, and I think that you can set the context inside EJB_A to be in that security level.
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

About | Sitemap | Contact