Forgive me if this is a no-brainer for you guys, but I've read all kinds
of books on EJB and have yet to find an answer for this...

From what I've learned of security in EJB, if one EJB calls a method on
another EJB, the Principal of the original call is propagated to the
second one.

This seems problematic to me. For example, let's say we have an entity bean
called EBean, and a session bean called SBean, and a user named John.

John calls a method on SBean, which calls a method on EBean. If John does
not have access to that method on EBean, the call on SBean will eventually
fail, right?

So in order for John to call the method on SBean, he has to have access to
the methods that SBean calls on EBean as well. Well, if he has access,
then he can call those methods on EBean directly. But what if you want to
force him to go through your session beans rather than use the Entity
beans to manipulate data directly? By utilizing his access to EBean, he
could destroy the integrity of a relational database, right?

EJB 1.0, I read, has a "runas" attribute in its deployment descriptor
which was removed in EJB 1.1? It seems that this would be the solution to
the problem, _if_ it still existed in 1.1. Then you just allow access to
your Entity beans from a role named "internal", then have your deployed
beans assume that "internal" role, thus giving deployed beans, but no one
else, access to internal resources such as entity beans.

If anyone has an answer to this, I'd be greatly appreciative.

Thanks!

David Green



_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
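
The two permission layouts discussed in the post above, written as ejb-jar.xml fragments. This is an added example, not part of the original message: the role name "customer" (standing in for John's role) is an assumption, and fragment (b) uses the EJB 2.0 `<security-identity>` syntax, which is later than the EJB 1.1 the post asks about.

```xml
<!-- Constructed example. "customer" is a hypothetical role for John;
     "internal", SBean and EBean are the names used in the post. -->

<!-- (a) EJB 1.1: the caller's principal is propagated from SBean to EBean,
     so "customer" must be granted on both beans and can therefore
     call EBean directly, bypassing SBean. -->
<assembly-descriptor>
  <security-role><role-name>customer</role-name></security-role>
  <method-permission>
    <role-name>customer</role-name>
    <method><ejb-name>SBean</ejb-name><method-name>*</method-name></method>
    <method><ejb-name>EBean</ejb-name><method-name>*</method-name></method>
  </method-permission>
</assembly-descriptor>

<!-- (b) EJB 2.0: SBean's outgoing calls run as "internal"; only that
     role is granted on EBean, so "customer" reaches EBean via SBean only. -->
<enterprise-beans>
  <session>
    <ejb-name>SBean</ejb-name>
    <!-- home, remote, ejb-class, session-type, transaction-type omitted -->
    <security-identity>
      <run-as><role-name>internal</role-name></run-as>
    </security-identity>
  </session>
</enterprise-beans>
<assembly-descriptor>
  <security-role><role-name>customer</role-name></security-role>
  <security-role><role-name>internal</role-name></security-role>
  <method-permission>
    <role-name>customer</role-name>
    <method><ejb-name>SBean</ejb-name><method-name>*</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>internal</role-name>
    <method><ejb-name>EBean</ejb-name><method-name>*</method-name></method>
  </method-permission>
</assembly-descriptor>
```

Layout (b) only holds if no end user is mapped to the "internal" role in the container's role mapping. SBean's own methods are still checked against the caller's role, so "customer" must remain granted there.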
