The point was to use the facade pattern. Only access the entity bean in the
slsb, and use slsb methods from the servlet or client to mutate date AND get
data. You can also use authentication role's on your slsb methods to
restrict or prevent access.
This is what we on our www.elephantwalker.com site. We never access an
entity bean directly from a servlet, but use a slsb to do this. This way we
are sure that the correct business methods are be used and coordinated.
Even if we tried to access an entity bean method, we wouldn't be able to
look up the context of the entity bean in the servlet.
Regards,
the elephantwalker
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eddie Post
Sent: Saturday, September 15, 2001 1:33 PM
To: Orion-Interest
Subject: RE: Restricting access to only Session Manager ?
Elephantwalker,
Thanks (see below)
>an ejb reference. This means that your container will not allow you to get
>the context for your entity ejb, so you won't be able to call any methods
>from the client.
But then I also can't call the entity get methods ??, or can I ?. Which is
what I want.
Eddie
>From: "The elephantwalker" <[EMAIL PROTECTED]>
>Reply-To: Orion-Interest <[EMAIL PROTECTED]>
>To: Orion-Interest <[EMAIL PROTECTED]>
>Subject: RE: Restricting access to only Session Manager ?
>Date: Sat, 15 Sep 2001 09:31:55 -0700
>
>Eddie,
>
>Use your slsb or sfsb (the session manager) as your facade to the ejb for
>all access. In your web.xml or client.xml, only refer to the slsb or sfsb
>as
>an ejb reference. This means that your container will not allow you to get
>the context for your entity ejb, so you won't be able to call any methods
>from the client.
>
>You can control security on your session manager by creating security
>constraints for each method, or for method name patterns. This way, you can
>allow the "client" role access to methods which get*, and "mutator" role
>access to methods change*.
>
>In orion, you map the roles to groups (role is a j2ee idea, whereas groups
>is an Orion deployment specification). The groups are defined in the
>principals.xml file of the META-INF directory for the ear file. The group
>to
>role mapping is defined in all of the orion-*.xml files such as
>orion-ejb-jar.xml, orion-web.xml, orion-application.xml. This allows the
>same group to be assigned to different roles in different applications...a
>good idea when you think that various jar/war/ear files may be from
>different vendors, and have different names for their j2ee roles.
>
>
>regards,
>
>the elephantwalker
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Ed Bras
>Sent: Saturday, September 15, 2001 3:09 AM
>To: Orion-Interest
>Subject: Restricting access to only Session Manager ?
>
>
>Hellu,
>
>How can I configure Orion and my J2EE application such that client
>applications are only able to call the get methods of the entity beans ?
>I want that all modification are done throw the Session Manager. The
>Session manager functiones as an intermediate to the entity beans.
>I am using CMP on Orion 1.5.1 with Java 1.3.
>
>Eddie
>
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
