Implement clases conforming to the EJBUserManager API and overide the permission 
checking methods with logic that does that kind of checking ...  then deploy like so:


-----Original Message-----
From: Pletka, John [mailto:[EMAIL PROTECTED]]
Sent: 13 May 2002 09:25 PM
To: Orion-Interest
Subject: Dynamic Proxies for remote interface wrapper?

I'm trying to integrate a third-party security product that allows rules
like "can only call methodX on objectY between 9:00 am and 5:00 pm".  It
ties into Weblogic and WebSphere cleanly, but does not have a way to get
into orion.  What I would like to be able to do is either:
        1) setup my ejb-jar.xml file to point to a Dynamic Proxy class that
could do the security checks before forwarding the call on to the real class
        2) or somehow override the wrappers that orion generates with my own

Does anyone know of a way to do this?  I can see the java code orion creates
for the wrappers (
That would be a perfect place to place the code if it was allowed.  It looks
like it uses a class "com.evermind.server.RuntimeSecurityRole" to test
whether the call is allowed or not.  I could probably hack this class and
override the logic, but I would think there would be a legitimate way of
accomplishing this.

Reply via email to