koppcha
asked on
Restrict Access to specific methods in applications
Hi
In my WebLogic server there are many applications running. For different groups of users, depending on their group, I have to restrict them to certain methods in the application. Is this possible? Please let me know. Can this functionality be specified in the security roles?
Thanks
Hi,
I think you will be able to protect your ejbs with the J2EE security model.
Follow this link for more details: http://e-docs.bea.com/wls/docs81/security/ejb_client.html
Emmanuel
ASKER
Hi
Thanks for responding. I resolved the issue by changing the ejb-jar.xml and weblogic-ejb-jar.xml. Here are the changes that need to be done, which may help others.
To restrict access to methods to a particular group:
1> Create the group in the WebLogic server. You can do this by going to Security
2> In your EJB, change the XML files accordingly. Sample changes are listed below.
ejb-jar.xml
<assembly-descriptor>
  <!-- Declare the logical role -->
  <security-role>
    <role-name>MethodAuthentication</role-name>
  </security-role>
  <!-- Only callers in this role may invoke Method1 on EJBName -->
  <method-permission>
    <!-- Must match a role-name declared in a <security-role> above -->
    <role-name>MethodAuthentication</role-name>
    <method>
      <ejb-name>EJBName</ejb-name>
      <method-name>Method1</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
weblogic-ejb-jar.xml
<!-- Map the logical role to WebLogic principals (users or groups) -->
<security-role-assignment>
  <role-name>MethodAuthentication</role-name>
  <principal-name>User1</principal-name>
  <principal-name>User2</principal-name>
</security-role-assignment>
3> Redeploy your EJB.
4> In the admin console, right-click on the EJB and select Define Scoped Rules.
You should be able to find the scope that you have created in ejb-jar.xml
Hi,
More in detail...
1. In an enterprise, you probably want to restrict access to critical EJB methods based on who is calling them.
2. Define method-level restrictions in the standard "ejb-jar.xml" file based on "roles" (president, admin. assistant, salesperson, customer). Use <security-role>, <role-name>, <method-permission>, <method>, <ejb-name> and <method-name> tags.
3. Map these roles to actual usernames or groups in a server-specific file. For example, in the "weblogic-ejb-jar.xml" file, use <security-role-assignment>, <role-name> and <principal-name> tags.
For more info look here; it's provided with very good and wonderful examples ...
http://www.vipan.com/htdocs/ejb.html
R.K
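A cross-check for the two descriptors discussed in the posts above (the asker's ejb-jar.xml / weblogic-ejb-jar.xml changes and the role-to-principal mapping R.K describes), as an added example that is not part of any post: it reports roles used in a <method-permission> that are never declared or never mapped to a principal, and lists which principals can reach each method. The sample descriptors are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; the second permission uses an undeclared role.
# Assumes DTD-style (EJB 2.0) descriptors without an XML namespace.
EJB_JAR = """<ejb-jar><assembly-descriptor>
  <security-role><role-name>MethodAuthentication</role-name></security-role>
  <method-permission>
    <role-name>MethodAuthentication</role-name>
    <method><ejb-name>EJBName</ejb-name><method-name>Method1</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>ReportingRole</role-name>
    <method><ejb-name>EJBName</ejb-name><method-name>Method2</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""

WEBLOGIC_EJB_JAR = """<weblogic-ejb-jar>
  <security-role-assignment>
    <role-name>MethodAuthentication</role-name>
    <principal-name>User1</principal-name>
    <principal-name>User2</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>"""

def texts(node, path):
    return [(e.text or "").strip() for e in node.findall(path)]

def check_descriptors(ejb_jar_xml, weblogic_xml):
    """Return (findings, acl): consistency problems and method -> principals."""
    ejb, wl = ET.fromstring(ejb_jar_xml), ET.fromstring(weblogic_xml)
    declared = set(texts(ejb, ".//security-role/role-name"))
    mapping = {}  # role name -> set of principals from weblogic-ejb-jar.xml
    for sra in wl.findall(".//security-role-assignment"):
        role = (sra.findtext("role-name") or "").strip()
        mapping.setdefault(role, set()).update(texts(sra, "principal-name"))
    findings, acl = [], {}
    for perm in ejb.findall(".//method-permission"):
        roles = texts(perm, "role-name")
        for m in perm.findall("method"):
            key = texts(m, "ejb-name")[0] + "." + texts(m, "method-name")[0]
            for role in roles:
                if role not in declared:
                    findings.append(f"{key}: role '{role}' has no <security-role>")
                if not mapping.get(role):
                    findings.append(f"{key}: role '{role}' maps to no principal")
                acl.setdefault(key, set()).update(mapping.get(role, set()))
    for role in sorted(declared - set(mapping)):
        findings.append(f"role '{role}' is declared but never assigned")
    return findings, acl
```

Running it against the real descriptors before each redeploy catches a role name that was renamed in one file but not the other.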
ASKER
I am going to ask the administrator to accept my answer and refund on this question. Please let me know if you have any issues with this.
Definitely no issues, you can get your points back!
R.K
ASKER
We have two main WebLogic servers and they communicate with one another according to the requirements. Under WebLogic server 1 we have other applications as well, but all the applications will contact WebLogic 2 through WebLogic 1 using one specific ID (currently it is like this)...
The change we would like to make is that we should be able to identify on WebLogic 2 which application is calling it through WebLogic 1. These are EJB methods that are being called. The applications in WebLogic 1 should have access to specific methods in WebLogic 2, so we should be able to restrict the applications that are trying to access methods under WebLogic 2 that they do not have access to.