        <assembly-descriptor>
                <security-role>
                        <description></description>
                        <role-name>DO_EVERYTHING</role-name>
                </security-role>
                <security-role>
                        <description></description>
                        <role-name>CANNOT_CREATE</role-name>
                </security-role>
                <method-permission>
                        <description></description>
                        <role-name>DO_EVERYTHING</role-name>
                        <method>
                                <ejb-name>Component</ejb-name>
                                <method-name>*</method-name>
                        </method>
                </method-permission>
                <method-permission>
                        <description></description>
                        <role-name>family</role-name>
                        <method>
                                <ejb-name>CANNOT_CREATE</ejb-name>
                                <method-intf>Remote</method-intf>
                                <method-name>*</method-name>
                        </method>
                </method-permission>
        </assembly-descriptor>
...

Boss, in the above XML I am getting confused by the lines below:


             <method-permission>
                        <description></description>
                        <role-name>family</role-name>  <----- I think this must be CANNOT_CREATE and not "family"
                        <method>
                                <ejb-name>CANNOT_CREATE</ejb-name>  <----- this must be Component and not CANNOT_CREATE
                                <method-intf>Remote</method-intf>  <----- I couldn't get what it is
                                <method-name>*</method-name>
                        </method>
             </method-permission>

Please clarify on this.

Thanx

-----Original Message-----
From: Rob Castaneda [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 10:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Regarding method permission


Hi,


Hopefully I have interpreted you correctly, note that there may be many
solutions to this problem.


So if in weblogic.properties you have the following users/groups:

        >weblogic.password.superuser=password
        >weblogic.password.appa=password
        >weblogic.password.gururaj=password
        >weblogic.security.group.family=appa,gururaj

and you want the superuser to create the component, and the family principal
to invoke the bean but not create it

....
        <assembly-descriptor>
                <security-role>
                        <description></description>
                        <role-name>DO_EVERYTHING</role-name>
                </security-role>
                <security-role>
                        <description></description>
                        <role-name>CANNOT_CREATE</role-name>
                </security-role>
                <method-permission>
                        <description></description>
                        <role-name>DO_EVERYTHING</role-name>
                        <method>
                                <ejb-name>Component</ejb-name>
                                <method-name>*</method-name>
                        </method>
                </method-permission>
                <method-permission>
                        <description></description>
                        <role-name>family</role-name>
                        <method>
                                <ejb-name>CANNOT_CREATE</ejb-name>
                                <method-intf>Remote</method-intf>
                                <method-name>*</method-name>
                        </method>
                </method-permission>
        </assembly-descriptor>
...


What the above says is "There are 2 roles, DO_EVERYTHING and CANNOT_CREATE.
DO_EVERYTHING can do everything and CANNOT_CREATE can execute all of the
methods on the remote interface". Remember that there are no create methods
on the Remote interface.

In weblogic-ejb-jar.xml we map the roles to the principals


       ...........
        <security-role-assignment>
              <role-name>DO_EVERYTHING</role-name>
              <principal-name>superuser</principal-name>
        </security-role-assignment>
        <security-role-assignment>
              <role-name>CANNOT_CREATE</role-name>
              <principal-name>family</principal-name>
        </security-role-assignment>
        .....

My advice: Don't use the EJB Deployer Tool, just learn to do things manually.
This makes you somewhat more product independent (the EJB Deployer Tool
doesn't exist in WebLogic 6) and also more vendor independent.

Also note that the names of the ROLES can be different from the actual
principal (user/group) name.

Hope this Helps,

-Rob

--
Robert Castaneda
[EMAIL PROTECTED]
http://www.customware.com
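
Added example (not part of the original messages and not either poster's code): a small Python check that flags method-permission entries whose role-name or ejb-name does not match anything declared in the descriptor, run over the assembly-descriptor as posted in this thread. The surrounding <ejb-jar>/<enterprise-beans> wrapper declaring a bean named Component, the function name lint_method_permissions and the accepted method-intf values are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

VALID_INTF = {"Home", "Remote", "LocalHome", "Local"}  # assumed accepted values
# Constructed sample: the assembly-descriptor as posted in the thread, wrapped
# in a minimal <ejb-jar>; the <enterprise-beans> section is an assumption.
POSTED = """
<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>Component</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>DO_EVERYTHING</role-name></security-role>
    <security-role><role-name>CANNOT_CREATE</role-name></security-role>
    <method-permission>
      <role-name>DO_EVERYTHING</role-name>
      <method><ejb-name>Component</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>family</role-name>
      <method><ejb-name>CANNOT_CREATE</ejb-name><method-intf>Remote</method-intf>
        <method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""

def lint_method_permissions(ejb_jar_xml):
    """Return a list of findings for the method-permission entries."""
    root = ET.fromstring(ejb_jar_xml)
    beans = {e.text.strip() for e in root.findall("./enterprise-beans/*/ejb-name")}
    roles = {e.text.strip() for e in root.findall("./assembly-descriptor/security-role/role-name")}
    findings, granted = [], set()
    for perm in root.findall("./assembly-descriptor/method-permission"):
        for role in perm.findall("role-name"):
            name = role.text.strip()
            granted.add(name)
            if name not in roles:
                findings.append(f"role '{name}' is not a declared security-role")
        for method in perm.findall("method"):
            bean = method.findtext("ejb-name", "").strip()
            if bean not in beans:
                findings.append(f"ejb-name '{bean}' is not a declared bean")
            intf = method.findtext("method-intf")
            if intf is not None and intf.strip() not in VALID_INTF:
                findings.append(f"method-intf '{intf.strip()}' is not valid")
    # A declared role that no method-permission names grants nothing.
    for unused in sorted(roles - granted):
        findings.append(f"role '{unused}' is declared but granted no methods")
    return findings
```

Calling lint_method_permissions(POSTED) returns one finding each for the role-name, the ejb-name and the unused role in the second method-permission.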



-----Original Message-----
From: A mailing list for Enterprise JavaBeans development
[mailto:[EMAIL PROTECTED]]On Behalf Of Kosigi Gururaj
Sent: Thursday, March 22, 2001 9:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Regarding method permission


Hi Rob Castaneda,
Thanks for your reply.
But I want only one user, say the SUPER user, to have the permission to create the
EJB.
In that case, how will I do it?

Thanx in advance


-----Original Message-----
From: Rob Castaneda [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 11:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Regarding method permission


Hi Gururaj,

I believe that your weblogic-ejb-jar.xml should be as follows:


            ...........
        <security-role-assignment>
              <role-name>family</role-name>
              <principal-name>family</principal-name>
        </security-role-assignment>

        .....

If you want all the family members to create the bean.

regards,

-Rob

--
Robert Castaneda
[EMAIL PROTECTED]
http://www.customware.com

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".