To continue the topic, in order to implement this, we had to deny access to
remove() to
all users declaratively. As soon as we did it, we couldn't call
ctx.getEJBObject().remove() from
our delete() method...
Has anybody a good solution to it?
Might new security interceptor framework help?
Alexander Klyubin
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Alexander Klyubin
Sent: Tuesday, February 27, 2001 09:47
To: Jboss-User
Subject: [jBoss-User] Implementing security in ejbRemove()
Hi!
We've been pondering for a while, how to implement programmatic security
checks for
removing entity bean instance. In ejbRemove you can only throws system
exceptions.
Security exceptions are, in our case, application exceptions.
The only solution we came up with is to deny access to remove()
declaratively and
make clients use a business method (e.g.: delete()) that performs checks,
throws
application exceptions and only if everything's fine calls
EJBObject::remove().
What do you think of this?
Alexander Klyubin
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
