I'm trying to integrate a third-party security product that allows rules like "can only call methodX on objectY between 9:00 am and 5:00 pm". It ties into Weblogic and WebSphere cleanly, but does not have a way to get into orion. What I would like to be able to do is either: 1) setup my ejb-jar.xml file to point to a Dynamic Proxy class that could do the security checks before forwarding the call on to the real class 2) or somehow override the wrappers that orion generates with my own code.
Does anyone know of a way to do this? I can see the java code orion creates for the wrappers (RemoteInterfaceName_StatelessSessionBeanWrapperXXX.java.) That would be a perfect place to place the code if it was allowed. It looks like it uses a class "com.evermind.server.RuntimeSecurityRole" to test whether the call is allowed or not. I could probably hack this class and override the logic, but I would think there would be a legitimate way of accomplishing this.