Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

mapping specific rolename to methods in EJB

Posted on 2004-11-19
1
Medium Priority
?
165 Views
Last Modified: 2013-11-24
i am using oc4j container9.0.3

isay this statelesssessionbean
in my ejb-jar.xml i will give access generateBillingmethod to 'myMgr'  only other than myMgr no body can access my method;;

<method-permission>
  <role-name>myMgr</role-name>
  <method>
      <ejb-name>myBean</ejb-name>
      <method-name>generateBilling</method-name>
      <method-params>
            <method-param>javax.lang.String</method-param>
            <method-param>javax.lang.String</method-param>
          </method-params>
  </method>
</method-permission>

in session bean how can i write  logic that only 'myMgr' can access this method;




0
Comment
Question by:chaitu chaitu
1 Comment
 
LVL 13

Accepted Solution

by:
petmagdy earned 1000 total points
ID: 12632278
u can do this declarativlly like this:

1- in ur ejb.jar.xml:

  <assembly-descriptor>
......
    <security-role>
      <role-name>myMgr</role-name>
    </security-role>
    <method-permission>
      <role-name>myMgr</role-name>
      <method>
        <ejb-name>UrEjbName</ejb-name>
        <method-intf>Local {or Remote or Both}</method-intf>
        <method-name>generateBilling</method-name>
      </method>
.....
    </method-permission>

2- in ru orion-ejb-jar.xml do this:

    <assembly-descriptor>
        <security-role-mapping name="myMgr">
            <group name="myMgr" />
        </security-role-mapping>
        <default-method-access>
            <security-role-mapping name="&lt;default-ejb-caller-role&gt;" impliesAll="true" />
        </default-method-access>
    </assembly-descriptor>

3- in ur oc4j j2ee\home\config\principals.xml add a user and a group:

        <group name="myMgr">
            <description>myMgr</description>
        </group>

        <user username="MyMgrUser" password="password">
            <description>no description</description>
            <group-membership group="myMgr" />
        </user>

then u r sure that only member of MyMgr group can access the EJB API

u can also check that programatically if u called:

EJBContext.isCallerInRole("myMgr");


0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
The viewer will learn how to implement Singleton Design Pattern in Java.
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question