see below

----- Original Message -----
From: David Gasul <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 26, 1999 10:15 AM
Subject: Q: EJB security roles & User Interface


> Hi EJBers,
> An n-tier application has a client, middleware and possibly multiple
> backends. (This is obvious)
> Assume the client is a GUI client who uses menus. (A common practice)
> Assume there are a number of roles each one assigned certain privileges. (A
> common practice)
> Now, if the client invokes a method on a bean whose method she's disallowed
> to invoke because of her role, the EJB container is supposed to catch this
> and provide to the client application the proper exception. (This is
> obvious)
> But building a system according to such a concept results IN A VERY BADLY
> DESIGNED SYSTEM!!!!

A little harsh...but I agree.

> The proper way of doing this, is NOT TO ALLOW the client in the first place
> to invoke the methods she may not invoke by, for example, disabling those
> methods in the menus, and to use EJB container security enforcement as the
> second bastion.

I always try to be proactive instead of reactive in my GUIs. So I agree.

> So, it is somehow required to export to the client the methods a user in a
> role may invoke so that the client can adjust the menus accordingly.
> I didn't see any means to this effect. Did anybody else?

This is exactly what you must do to get the effect you desire. It's not
spec'd out anywhere *how* to do this. Whatever works for you is OK. The spec
provides method level security to prevent users from surreptitiously
executing methods that they shouldn't. If I get hold of a reference to your
remote object (by the use of the stub), there is nothing preventing me from
writing a client that accesses inappropriate methods.

The security built in to the spec is not (so much) intended to allow you to
write a nice GUI. It's intended to provide...well, security.

jim

> Regards,
> --
> David Gasul                             phone:  +972-3-5388634
> Telegate Ltd.                           office: +972-3-5384600
> 7 Haplada St., 60218 Or-Yehuda          fax:    +972-3-5335877
> Israel
> http://www.telegate.co.il

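A sketch of the arrangement discussed in this thread, as an added example that is not part of either message and is not EJB container code: the server exports the set of methods a caller's roles permit so the GUI can adjust its menus, and still checks every invocation itself. The class, method and role names and the policy table are hypothetical, constructed for illustration.

```java
import java.util.*;

// Added example: plain Java model of the idea, not EJB container code.
public class RoleMenuDemo {
    // Constructed policy: method name -> roles allowed to invoke it
    // (stands in for the method permissions a deployer would declare).
    static final Map<String, Set<String>> POLICY = Map.of(
        "viewOrder",    Set.of("clerk", "manager"),
        "createOrder",  Set.of("clerk", "manager"),
        "approveOrder", Set.of("manager"));

    // Server side: the methods a caller holding these roles may invoke.
    // The client uses the result only to enable or disable menu items.
    static Set<String> permittedMethods(Set<String> callerRoles) {
        Set<String> allowed = new TreeSet<>();
        for (Map.Entry<String, Set<String>> e : POLICY.entrySet()) {
            if (!Collections.disjoint(e.getValue(), callerRoles)) {
                allowed.add(e.getKey());
            }
        }
        return allowed;
    }

    // Server side: enforcement on every call, independent of what the GUI
    // showed. Methods missing from the policy are denied by default.
    static void invoke(String method, Set<String> callerRoles) {
        Set<String> roles = POLICY.get(method);
        if (roles == null || Collections.disjoint(roles, callerRoles)) {
            throw new SecurityException("caller may not invoke " + method);
        }
        System.out.println("invoked " + method);
    }

    public static void main(String[] args) {
        Set<String> clerk = Set.of("clerk");
        Set<String> menu = permittedMethods(clerk);
        for (String m : new TreeSet<>(POLICY.keySet())) {
            System.out.println(m + " menu item enabled: " + menu.contains(m));
        }
        invoke("createOrder", clerk);      // permitted for the clerk role
        try {
            invoke("approveOrder", clerk); // a client that ignores the menu
        } catch (SecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Both functions read the same policy table, so the menu and the enforcement cannot drift apart, and the exported list is treated as a display hint only.
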
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
