Security and EJB

 
Ranch Hand
Posts: 208
Hi All,
In my EJB I can specify the method execution permission for a particular role. Suppose I have a servlet client which accesses the EJB, and my servlet validates a user against my database specific to my application. When the user is authenticated, how will the servlet know which role to assign the authenticated user? Is it the same role I need to specify in my EJB deployment descriptor, and how does it get propagated to the EJB layer, so that the authenticated user will be able to execute the EJB method?
Please help
Hari
 
Ranch Hand
Posts: 401
The best way to handle this is to let the appserver do it. Use J2EE security to get your user logged into the webapp. Then the credentials will automatically be passed to the ejb container.
If for some reason you have to do authentication/authorization yourself, then I think you have two choices.
You could use something specific to your appserver (or JAAS if it's supported) to log your user in.
Or when you look up the EJB you will need to supply the credentials in the JNDI properties passed to the InitialContext.
The Role really doesn't matter, as this is just a way to describe the permissions to the ejb container. You just need to make sure that the user that is logged into the webapp also has permission to run the ejb method (is in the proper ejb role).
 