RE: Dynamic Proxies for remote interface wrapper?
Implement clases conforming to the EJBUserManager API and overide the permission checking methods with logic that does that kind of checking ... then deploy like so: http://www.orionsupport.com/articles/ejbusermanager.html Justin -Original Message- From: Pletka, John [mailto:[EMAIL PROTECTED]] Sent: 13 May 2002 09:25 PM To: Orion-Interest Subject: Dynamic Proxies for remote interface wrapper? I'm trying to integrate a third-party security product that allows rules like can only call methodX on objectY between 9:00 am and 5:00 pm. It ties into Weblogic and WebSphere cleanly, but does not have a way to get into orion. What I would like to be able to do is either: 1) setup my ejb-jar.xml file to point to a Dynamic Proxy class that could do the security checks before forwarding the call on to the real class 2) or somehow override the wrappers that orion generates with my own code. Does anyone know of a way to do this? I can see the java code orion creates for the wrappers (RemoteInterfaceName_StatelessSessionBeanWrapperXXX.java.) That would be a perfect place to place the code if it was allowed. It looks like it uses a class com.evermind.server.RuntimeSecurityRole to test whether the call is allowed or not. I could probably hack this class and override the logic, but I would think there would be a legitimate way of accomplishing this.
RE: Dynamic Proxies for remote interface wrapper?
The orion-ejb-jar has the wrapper class noted. You can replace this class with your own, as long as you forward to the wrapper. With kind regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pletka, John Sent: Monday, May 13, 2002 12:25 PM To: Orion-Interest Subject: Dynamic Proxies for remote interface wrapper? I'm trying to integrate a third-party security product that allows rules like can only call methodX on objectY between 9:00 am and 5:00 pm. It ties into Weblogic and WebSphere cleanly, but does not have a way to get into orion. What I would like to be able to do is either: 1) setup my ejb-jar.xml file to point to a Dynamic Proxy class that could do the security checks before forwarding the call on to the real class 2) or somehow override the wrappers that orion generates with my own code. Does anyone know of a way to do this? I can see the java code orion creates for the wrappers (RemoteInterfaceName_StatelessSessionBeanWrapperXXX.java.) That would be a perfect place to place the code if it was allowed. It looks like it uses a class com.evermind.server.RuntimeSecurityRole to test whether the call is allowed or not. I could probably hack this class and override the logic, but I would think there would be a legitimate way of accomplishing this.