Role based access control for EJB Methods (EJB 3.0) - HELP N

zets (Guest), posted Mon Mar 05, 2007 1:33 am

hi,

I'm fairly new to EJB and Java security, and I'm bumping my head
against the wall trying to understand what the right way is to do what I
want. My questions are these:

1. Is JAAS the right thing for specifying the roles required for executing
an EJB method? If so, how do I define, for example, that the method
foo() on bean A requires an admin role? How is the permission
checked? I was under the impression that the check is done by creating
a new EJBMethodPermission and calling
SecurityManager.checkPermission with it, but I may be confused.

2. If the standard role-based access control is not enough for my use
case and I need to extend it (in the way specified below), how can I
do it in the most standard and least app-server-dependent way? Can I
somehow extend EJBMethodPermission and let JAAS use it?

3. One other option I thought about was to write my own interceptor
and disable the rest of the authorization checks, but this is probably
not the right thing, as it may create security violations of other
types.

The role-based access control I want to support is this:
users have a default role, and may also have roles on scopes. A scope is
a set of identities of objects. When the user is about to invoke a
method on an EJB, I would like to extract the scope from the method
parameters; from that scope I can infer what the user's role on
that scope is, and then compare that role with the role that is required
for calling the method. If the user is allowed to call the method, the
call will proceed; otherwise, some exception will be thrown.

I really need some help in understanding this, because I seem to have
had some misconception of what can/should be done with JAAS.

Thanks!
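The scope-based check the post describes, as an added example (this is not code from the post or from the poster): an EJB 3.0 business-method interceptor that reads the scope off the method parameters, looks up the caller's role on that scope and rejects the call with an EJBAccessException when the required role is missing. The container's standard checks are left in place rather than disabled. On the first question: in EJB 3.0 the standard way to require a role for a method is the javax.annotation.security annotations (@RolesAllowed, @DeclareRoles, @PermitAll, @DenyAll) or <method-permission> in ejb-jar.xml, enforced by the container; JACC's EJBMethodPermission is the object a container hands to a JACC policy provider, not something application code checks itself through SecurityManager.checkPermission. The names @ScopedRole, Scoped, ScopeRoleStore, Document, DocumentBean and the package are assumptions made for this example.

```java
// Added example, not from the original post. Hypothetical names: the
// example.security package, @ScopedRole, Scoped, ScopeRoleStore, Document,
// DocumentBean. Standard EJB 3.0 / Java EE 5 APIs are used for everything else.
package example.security;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptors;
import javax.interceptor.InvocationContext;

/** Hypothetical: the role a caller must hold on the scope taken from the parameters. */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface ScopedRole {
    String value();
}

/** Hypothetical: a parameter that knows which scope it belongs to. */
interface Scoped {
    String scopeId();
}

/** Hypothetical: lookup of the caller's role on a scope (assumed to be a @Local session bean). */
interface ScopeRoleStore {
    /** The role the principal holds on the scope, or null if none. */
    String roleOn(Principal caller, String scopeId);
}

class ScopeRoleInterceptor {
    @Resource
    private SessionContext ctx;          // gives getCallerPrincipal() inside the interceptor

    @EJB
    private ScopeRoleStore store;        // assumption: injected local session bean

    @AroundInvoke
    public Object checkScopedRole(InvocationContext ic) throws Exception {
        Method m = ic.getMethod();
        ScopedRole required = m.getAnnotation(ScopedRole.class);
        if (required == null) {
            return ic.proceed();         // no scoped requirement on this method
        }
        // Take the scope from the object the method operates on, not from a
        // separate client-supplied scope id, so the caller cannot name one
        // scope and act on another.
        String scopeId = null;
        for (Object p : ic.getParameters()) {
            if (p instanceof Scoped) {
                scopeId = ((Scoped) p).scopeId();
                break;
            }
        }
        if (scopeId == null) {
            // Fail closed: a @ScopedRole method with no Scoped parameter is a bug.
            throw new EJBAccessException("no scope in parameters of " + m.getName());
        }
        Principal caller = ctx.getCallerPrincipal();
        String held = store.roleOn(caller, scopeId);
        if (!required.value().equals(held)) {
            throw new EJBAccessException(caller.getName() + " lacks role "
                    + required.value() + " on scope " + scopeId);
        }
        return ic.proceed();
    }
}

/** Hypothetical entity: a document belongs to a project, and the project is its scope. */
class Document implements Scoped {
    private final String id;
    private final String projectId;

    Document(String id, String projectId) {
        this.id = id;
        this.projectId = projectId;
    }

    public String id() { return id; }

    public String scopeId() { return projectId; }
}

@Stateless
@Interceptors(ScopeRoleInterceptor.class)
public class DocumentBean {
    @RolesAllowed("admin")               // standard EJB 3.0 declarative check, container-enforced
    public void purgeAll() { /* ... */ }

    @RolesAllowed("user")                // container check: caller must be an authenticated user
    @ScopedRole("editor")                // added check: caller must be an editor on doc's project
    public void edit(Document doc, String newText) { /* ... */ }
}
```

The @RolesAllowed annotations keep the container's own authorization in force; the interceptor only adds a second, narrower check for methods marked @ScopedRole, which avoids the risk the post raises about switching the standard checks off. Two points a practitioner would want: in a real bean the scopeId should be read from the persisted entity rather than from a value the client can set on the parameter object, and the comparison here is exact equality, so any role hierarchy (an admin on a scope implying editor) belongs inside ScopeRoleStore.roleOn.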