• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Access restriction on application classes

 
Christophe Monnet
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,
We are developing a EJB-based business application which publishes an
API for the Client application. These APIs are actually the methods of
the EJBRemote objects. The processing flow for any API call from the
Client application is as follows:
Client application -> Session Bean -> Business Object (which does
Validation) -> Business Object (which interacts with the Data access
layer) -> Data access layer.
Now, is it possible to restrict the Client application from directly
calling the Business Object (which interacts with the Data access
layer) without calling the Session Bean layer (thus breaking our
application). In other words, can we force the Client application to
call only our Session Beans?
Since we are hosting our application on an application server
(Weblogic, Websphere etc), the Client may use this application server
for hosting other applications as well; hence we have limited control
on the application server behaviour.
Any idea is welcome.

Regards
Sandeep
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It seems to me like not allowing the JAR files that contain the business objects to be installed on the client machines would work fine.
Another option would be to (perhaps) include a check in the top-level business object for something that can only be provided by the Session EJB (perhaps the EJB context).
Kyle
------------------
Kyle Brown,
Author of Enterprise Java (tm) Programming with IBM Websphere
See my homepage at http://members.aol.com/kgb1001001 for other WebSphere information.
[This message has been edited by Kyle Brown (edited October 25, 2001).]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic