Magnus,
We are trying to find a way to handle user authorization at the entity-bean level to
be able to restrict access to methods at the lowest level.
However we dont want to use users/group in the J2EE 'manner' but rather provide our
own user-management. Orion got a wonderful interface to dynamically add/remove users
and groups but it isn't as fine grained as we'd prefer to have it.
Our first problem was to 'transfer' the logged in user-id from the servlet layer to
the ejb-layer, thus we tried to send it via the sessioncontext/entitycontext and
failed because we can insert values into the properties via <Properties>.put(
"myUser", szUser ) and send it using InitialContext( <Properties> ).lookup( ... ) but
are unable to retieve them at the bean (resulting in an empty property set).
We tried as well to declare the property we want to set in the <env-entry> tag in the
deployment descriptor but are unable to alter the value from a servlet/jsp and send
the new value back to the ejb always resulting in the value we defined in the
deployment descriptor (assuming now its readonly). Is it correct, that you can not put
any properties into the sessioncontext in the servlet and retrieve it inside the
sessionbean??? Are there any methods or workarounds to send/store session
(httpsession) specific information from the servlet to a stateless session bean or
entity bean? Or other ways to send the UserId to a stateless sessionbean/entity bean
for verification without sending it as method arguments???
Maybe we are on a total wrong track. Our first try was to send additional user
information to an entity bean but we failed on providing parameters to the
ejbRemove/Load/Store methods. Basically our problem is wanting to know who is calling
the entity bean and granting/denying access based on the caller.
In hope of a reply for this non-trivial-to-formulate-question :)
Wolf & Markus
On Mon, Aug 28, 2000 at 01:49:19PM +0200, Magnus Rydin wrote:
> Hi there.
> I guess you are talking about the env-entry Tag from the Taglib tutorial?
> The env-entry displays a environment entry.
> The environment entry is for the whole environment of your app, so its not
> suitable for user specific data.
>
> If there is something you dont understand about that lesson, please let me
> know and I'll try to improve it when I find the time.
> WR
>
>
>
> > -----Original Message-----
> > From: WebDev [mailto:[EMAIL PROTECTED]]
> > Sent: den 28 augusti 2000 13:10
> > To: Orion-Interest
> > Subject: How does the <env-entry> tags work?
> >
> >
> > Does anyone know how this tag works & what it really does?
> >
> > Is it possible to define a property with that, so that I can pass
> > individual data (e.g. UserId) - and NOT UserGroups (like
> > SECURITY_PRINCIPAL)?
> >
> > What I'd like to do with that is passing data (set in the
> > client) to my
> > EJBs (Server)!
> >
> > Could maybe someone post a little example?
> >
> > Thanks in advance!
> > Wolf
> >
> >
> >
