Regarding method permission

Kosigi Gururaj Wed, 21 Mar 2001 04:52:16 -0800
Hi guys

I created one bean.
now i want to restrict some people from using my bean .
I mean if any user calls the create() method in the home ,he should get the
security exception.
only those users that r listed in the weblogic property file should create.
in weblogic property file i created the group like this ----->

        >weblogic.password.appa=appannacharya
        >weblogic.password.gururaj=rashmiraj
        >weblogic.security.group.family=appa,gururaj

in the ejb-jar.xml ----->
            ........
        <assembly-descriptor>
                 <security-role>
                        <description></description>
                        <role-name>family</role-name>
                 </security-role>
                <method-permission>
                        <description></description>
                        <role-name>family</role-name>
                        <method>
                                <ejb-name>Component</ejb-name>
                                  <method-name>create</method-name>
                        </method>
                 </method-permission>
         </assembly-descriptor>

and in weblogic-ejb-jar.xml ------->
            ...........
        <security-role-assignment>
              <role-name>family</role-name>
              <principal-name>appa</principal-name>
        </security-role-assignment>

in my client code -------->

                try{
                        Properties props = System.getProperties();
                        props.put(Context.SECURITY_PRINCIPAL,"gururaj");
                        props.put(Context.SECURITY_CREDENTIALS,"rashmiraj");
                        Context ctx = new InitialContext(props);
                        MyHelloHome home =
(MyHelloHome)ctx.lookup("component");
                        MyHello ct = home.create();
                }catch(Exception e){
                        System.out.println("problem in
InitialContext(props)");
                        e.printStackTrace();
                        System.exit(-1);
                }

if i run this code I must get security exception as the user "gururaj "
doesn't have the permission to invoke the create() method.
only the user "appa" has the permission.
but now when i run my client code it is allowing "gururaj" to create the
bean.

can any one tell where is the mistake

Thanx in advance

Gururaj Kosigi
MindTree Consulting Private Ltd.,
Block A,No.42,27th Cross,
2nd Stage, Banashankari,
Bangalore - 560070
Off: +91-80-6545266 Extn-1169

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
Regarding method permission

Reply via email to
