You could have EJBA assume a special Identity that is allowed to
access EJBB, where as the client identities do not have this permission.
There is the capability to specify a "run as" identity in the deployment
descriptor. And, depending on the app server you are using, there may
be APIs that let you swizzle the identity in EJBA's implementation.
-Chris.
----------------------------------------------------------------------
Chris Raber, Systems Engineer, GemStone Systems Inc.
100 West Big Beaver, Suite 200, Troy, MI 48084
phone: (248)-680-6691, fax: (248)-680-6689,
email: [EMAIL PROTECTED]
web: http://www.gemstone.com/
----------------------------------------------------------------------
> -----Original Message-----
> From: Sean C Sullivan [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 21, 1999 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: Deny remote clients access to Entity bean methods
>
> I've got two EJB's:
>
> EJBA - a stateful session bean
> EJBB - an Entity bean
>
> I implemented home and remote interfaces for both beans.
>
> I want to setup the following:
> 1) allow remote clients to call methods on EJBA
> 2) deny remote clients access to methods on EJBB
> 3) allow EJBA to call methods on EJBB
>
> #1 is easy to do.
>
> I'm looking for the best way to satisfy requirements #2 and #3.
>
> Thoughts?
>
> -Sean
>
> ==========================================================================
> =
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
