On Tue, 25 Jan 2000, I wrote:
> I guess one way to enforce this security would be to make all entity bean
> methods as executable only by a special "session bean" or "system" user and
> enforce this through the EJB security role mechanism.
>
> Then I would need a some technique for promoting a regular user to the "system
> user" when a session bean calls an entity bean method, but I don't know of a
> portable way to do this either.
bad form to follow-up my own post, but I think Section 15.2.1 of the EJB 1.1
spec answers the question. You can use "principal delegation" to change the
caller principal from one principal to another. This would allow a session bean
to call entity bean methods as a privileged user (like "su to root" in the Unix
world)
However, this is done in a "Container-specific way", that is, it isn't
portable. But at least the non-portability is relegated to a deployment
descriptor and not the Java code.
-david
--
David Sims [EMAIL PROTECTED]
Sims Computing, Inc. www.simscomputing.com
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
