Restrict Access to specific methods in applications

Hi
  In my weblogic server there are many applications running.For different groups of users dependign on their group i have to restrict them to certain methods in  the application.Is this possible.Please let me know.can this functionality be specifed in the security roles?

Thanks
LVL 8
koppchaAsked:
Who is Participating?
 
moduloConnect With a Mentor Commented:
PAQed with points refunded (500)

modulo
Community Support Moderator
0
 
koppchaAuthor Commented:
To be more specific here are the details
   We have two main weblogic servers  and they communicate with one another according to the requirements.Under weblogic server 1 with have other applications as well but all the applications will contact weblogic 2 through weblogic 1 using one specific id(currently it is like this)...
   The changes we would like to do is that we should be able to identify on weblogic 2 which application is calling it through weblogic 1.These are EJB methods that are being called.The applications in weblogic one should have access to specific methods in weblogic 2 so we should be able to restrict the applications that are trying to access methods under weblogic 2 that they do not have access to.

0
 
ECollinCommented:
Hi,

I think you will be able to protect your ejbs with the J2EE security model.

Follow this lonk for more details : http://e-docs.bea.com/wls/docs81/security/ejb_client.html

Emmanuel
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
koppchaAuthor Commented:
Hi
  Thanks for responding.I resolved the issue...by changing the ejb-jar.xml and weblogic-ejb-jar.xml.Here are the changes that needs to be done..which may help others.
To restrict access to a methods to a particular group
1>Create the group in the weblogic server.you can do this by going to Security
2>In you EJB change the xml files accordingly.Sample changes are listed below.

ejb-jar.xml
<assembly-descriptor>
<security-role>
<role-name>MethodAuthentication</role-name>
</security-role>
<method-permission>
<role-name>REPORTINGAuthentication</role-name>
<method>
<ejb-name>EJBName</ejb-name>
<method-name>Method1</method-name>
</method>
</method-permission>
</assembly-descriptor>

weblogic-ejb-jar.xml
<security-role-assignment>
<role-name>MethodAuthentication</role-name>
<principal-name>User1</principal-name>
<principal-name>User2</principal-name>
</security-role-assignment>

3>Redploy your EJB

4>In the admin cosole right click on the ENB and select Define Scoped Rules.

   You should be able to find the scope that you have created in ejb-jar.xml


 
0
 
rama_krishna580Commented:
Hi,

More in detail...

1. In an enterprise, you probably want to restrict access to critical EJB methods based on who is calling them.
2. Define method-level restrictions in the standard "ejb-jar.xml" file based on "roles" (president, admin. assistant, salesperson, customer). Use <security-role>, <role-name>, <method-permission>, <method>, <ejb-name> and <method-name> tags.
3. Map these roles to actual usernames or groups in a server-specific file. For example, in the "weblogic-ejb-jar.xml" file, use <security-role-assignment>, <role-name> and <principal-name> tags)

For more info look @ here, its provided with very good and wonderful examples ...
http://www.vipan.com/htdocs/ejb.html

R.K
0
 
koppchaAuthor Commented:
I am going to ask the administrator  to accept my answer and  refund on this question.Please let me know if you have any issues with this.
0
 
rama_krishna580Commented:
Definitely no Issues you can get back your points Back !

R.K
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.