One futher note on this.
You would use the javax.ejb.deployment.AccessControlEntry to
specify the roles allowed to access the methods of EJBB and use
the class javax.ejb.deployment.ControlDescriptor set the runAsMode
and the runAsIdentity for EJBA to the role allowed for EJBB.
Of course the details of this procedure will be differrent for
EJB1.1 compliant app servers.
Alan
On Fri, 21 May 1999, Chris Raber wrote:
> You could have EJBA assume a special Identity that is allowed to
> access EJBB, where as the client identities do not have this permission.
>
> There is the capability to specify a "run as" identity in the deployment
> descriptor. And, depending on the app server you are using, there may
> be APIs that let you swizzle the identity in EJBA's implementation.
>
> -Chris.
>
> ----------------------------------------------------------------------
> Chris Raber, Systems Engineer, GemStone Systems Inc.
> 100 West Big Beaver, Suite 200, Troy, MI 48084
> phone: (248)-680-6691, fax: (248)-680-6689,
> email: [EMAIL PROTECTED]
> web: http://www.gemstone.com/
> ----------------------------------------------------------------------
>
>
> > -----Original Message-----
> > From: Sean C Sullivan [SMTP:[EMAIL PROTECTED]]
> > Sent: Friday, May 21, 1999 4:03 PM
> > To: [EMAIL PROTECTED]
> > Subject: Deny remote clients access to Entity bean methods
> >
> > I've got two EJB's:
> >
> > EJBA - a stateful session bean
> > EJBB - an Entity bean
> >
> > I implemented home and remote interfaces for both beans.
> >
> > I want to setup the following:
> > 1) allow remote clients to call methods on EJBA
> > 2) deny remote clients access to methods on EJBB
> > 3) allow EJBA to call methods on EJBB
> >
> > #1 is easy to do.
> >
> > I'm looking for the best way to satisfy requirements #2 and #3.
> >
> > Thoughts?
> >
> > -Sean
> >
> > ==========================================================================
> > =
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
