Restrict Access to specific methods in applications

In my WebLogic server there are many applications running. For different groups of users, depending on their group, I have to restrict them to certain methods in the application. Is this possible? Please let me know. Can this functionality be specified in the security roles?

modulo Commented:
PAQed with points refunded (500)

Community Support Moderator
koppcha (Author) Commented:
To be more specific, here are the details.
We have two main WebLogic servers, and they communicate with one another according to the requirements. Under WebLogic server 1 we have other applications as well, but all the applications will contact WebLogic 2 through WebLogic 1 using one specific ID (currently it is like this)...
The change we would like to make is that we should be able to identify on WebLogic 2 which application is calling it through WebLogic 1. These are EJB methods that are being called. The applications in WebLogic 1 should have access to specific methods in WebLogic 2, so we should be able to restrict the applications that are trying to access methods under WebLogic 2 that they do not have access to.


I think you will be able to protect your EJBs with the J2EE security model.

Follow this link for more details:


koppcha (Author) Commented:
Thanks for responding. I resolved this by changing the ejb-jar.xml and weblogic-ejb-jar.xml. Here are the changes that need to be done, which may help others.
To restrict access to methods to a particular group:
1> Create the group in WebLogic; you can do this by going to Security
2> In your EJB, change the XML files accordingly. Sample changes are listed below.



3> Redeploy your EJB

4> In the admin console, right-click on the EJB and select Define Scoped Rules.

   You should be able to find the scope that you have created in ejb-jar.xml


More in detail...

1. In an enterprise, you probably want to restrict access to critical EJB methods based on who is calling them.
2. Define method-level restrictions in the standard "ejb-jar.xml" file based on "roles" (president, admin. assistant, salesperson, customer). Use the <security-role>, <role-name>, <method-permission>, <method>, <ejb-name> and <method-name> tags.
3. Map these roles to actual usernames or groups in a server-specific file. For example, in the "weblogic-ejb-jar.xml" file, use the <security-role-assignment>, <role-name> and <principal-name> tags.

For more info look @ here, it's provided with very good and wonderful examples ...
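The sample descriptor changes did not survive on this page, so the following is an added example, not code from any poster in this thread. It embeds a constructed ejb-jar.xml and weblogic-ejb-jar.xml (trimmed to the security elements named above) and joins them to show which WebLogic groups can reach each EJB method. The bean, method, role and group names are hypothetical, and the descriptors are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the original thread). Bean, method,
# role and group names are hypothetical; only security elements are shown.
EJB_JAR = """<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>app1-role</role-name></security-role>
    <security-role><role-name>app2-role</role-name></security-role>
    <method-permission>
      <role-name>app1-role</role-name>
      <method><ejb-name>OrderBean</ejb-name><method-name>placeOrder</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>app1-role</role-name>
      <role-name>app2-role</role-name>
      <method><ejb-name>OrderBean</ejb-name><method-name>getStatus</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

WEBLOGIC_EJB_JAR = """<weblogic-ejb-jar>
  <security-role-assignment>
    <role-name>app1-role</role-name>
    <principal-name>App1Group</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>app2-role</role-name>
    <principal-name>App2Group</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>"""

def effective_access(ejb_jar_xml, weblogic_xml):
    """Return {(ejb, method): sorted principals}; [] means no principal is mapped."""
    role_to_principals = {}
    for sra in ET.fromstring(weblogic_xml).iter("security-role-assignment"):
        role = sra.findtext("role-name")
        names = [p.text for p in sra.findall("principal-name")]
        role_to_principals.setdefault(role, set()).update(names)
    access = {}
    for perm in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        roles = [r.text for r in perm.findall("role-name")]
        for m in perm.findall("method"):
            key = (m.findtext("ejb-name"), m.findtext("method-name"))
            for role in roles:
                access.setdefault(key, set()).update(role_to_principals.get(role, set()))
    return {k: sorted(v) for k, v in access.items()}

if __name__ == "__main__":
    print(effective_access(EJB_JAR, WEBLOGIC_EJB_JAR))
```

Running the same join over the real descriptors before a redeploy makes it easy to spot a role that was declared in ejb-jar.xml but never assigned to a group.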

koppcha (Author) Commented:
I am going to ask the administrator to accept my answer and refund on this question. Please let me know if you have any issues with this.
Definitely no issues, you can get your points back!

Question has a verified solution.
