J2EE security EJB Roles and weblogic server
Posted on 2010-08-17
In EJB security and Weblogic server, We see Roles and Groups and Users.I have a doubt here.
Suppose , using weblogic admin console I create the following
I create a role 'R1' and attach it to Group 'G1'
I create a role 'R2' and attach it to Group 'G1'
I create a role 'R3' and attach it to Group 'G1'
I create a user'U1' with password "u1xx" and attach it to group 'G1'
I create a user'U2' with password "u2xx" and attach it to group 'G1'
I create a user'U3' with password "u3xx" and attach it to group 'G1'
Now, problem is , how does a user say 'U1' will know which Role he is having ? where is that connection ?
I have read the doc and deployment descriptor but this part is not clear. So, if you are calling an EJB with user 'U1' and password 'u1xx' how does it know which role it has acquired ? Of course ,Weblogic server will tell you, its attached to Group G1 because it knows 'U1' is attached to Group 'G1' though but it can not tell you the Role....And unless you know the Role , you can't get the EJB method permission specific to each Role !
Could you please clarify this part ?