This topic surfaced recently on the jBoss mail list and I thought I would bring it over here as well.

We are all aware that EJB provides us with declarative security which will prevent clients (and EJBs) from accessing methods that they do not have rights to. We also use the facade pattern to shield our entity beans from direct access from clients. It may look like this:

SSB1 -> EB1 -> EB2

This serves a particular purpose, but it is rarely sufficient enough for many security needs. Perhaps the principal is allowed to transfer funds up to a certain amount, or they can initiate certain types of projects, but not others. This is where programmatic security steps in. EJB conveniently gives us the isUserInRole() method to determine if this user has sufficient rights to perform such actions.

BUT, it seems that these rights conflict with each other. To shield a client from directly accessing EB1 or EB2 in the example above, the role assigned to methods on these beans must be ratcheted down. The session bean facade must relogin using these more restricted credentials in order to contact the entity beans. When this is done, the original credentials of the user are lost and the entity beans can no longer make an informed decision about our client's security roles!?

What solutions exist? One may be to register the entity beans in a name server that the client cannot reach; however, this would probably mean that the session bean would have to be separated from the entity beans it facades. Not a pretty design.

jim
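
The conflict described in the message above, modelled in plain Java as an added example (not code from the post or from any EJB container). The thread-local context, the class, method and role names, and the 1000 limit are hypothetical stand-ins for the container's caller identity; the model uses records, so it needs Java 16 or later.

```java
import java.util.Set;

// Simplified model of a container's per-call security context; not the EJB API.
// Class names, role names and the 1000 limit are hypothetical.
public class FacadeIdentityDemo {
    record Principal(String name, Set<String> roles) {}

    static final ThreadLocal<Principal> CALLER = new ThreadLocal<>();

    static boolean callerInRole(String role) {
        Principal p = CALLER.get();
        return p != null && p.roles().contains(role);
    }

    // EB1: method permission limited to "internal" so clients cannot reach it directly.
    static String entityTransfer(long amount) {
        if (!callerInRole("internal"))
            throw new SecurityException("EB1: caller lacks role 'internal'");
        // Programmatic check inside the entity bean: evaluated against whoever is
        // the caller now, which is the facade's identity, not the end user's.
        if (amount > 1000 && !callerInRole("large-transfer"))
            return "EB1 denied " + amount + " (caller seen: " + CALLER.get().name() + ")";
        return "EB1 accepted " + amount;
    }

    // SSB1: re-logs in with the restricted credentials before calling EB1.
    static String facadeTransfer(long amount) {
        Principal original = CALLER.get();
        boolean userMayDoLarge = callerInRole("large-transfer"); // still the end user here
        CALLER.set(new Principal("facade", Set.of("internal")));
        try {
            return "facade saw large-transfer=" + userMayDoLarge + "; " + entityTransfer(amount);
        } finally {
            CALLER.set(original); // restore the end user's context after the call
        }
    }

    public static void main(String[] args) {
        CALLER.set(new Principal("alice", Set.of("teller", "large-transfer")));
        try {
            entityTransfer(5000);                  // direct access by a client
        } catch (SecurityException e) {
            System.out.println("direct call blocked: " + e.getMessage());
        }
        System.out.println(facadeTransfer(5000));  // alice holds the role, EB1 cannot tell
        CALLER.set(new Principal("bob", Set.of("teller")));
        System.out.println(facadeTransfer(5000));  // bob lacks it, same answer from EB1
    }
}
```

The direct call is rejected by the role restriction on EB1, while both facade calls get the same denial from EB1 because the only identity it can query is the facade's.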
