This week's book giveaway is in the iOS forum.
We're giving away four copies of Classic Computer Science Problems in Swift and have David Kopec on-line!
See this thread for details.
Win a copy of Classic Computer Science Problems in Swift this week in the iOS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security in EJB  RSS feed

 
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have a servlet which in turn access the EJB and executes a method in the EJB. The method is given permission only for the user belonging to the role "employee".
User logins to my application using servlet.Now i want to assign role to that user so that he should be able to call the method in EJB. How do i do this.
Also after assigning the "employee" role to the user in my servlet/client layer how does it get propagated to the EJB layer. Can i do this implicitly using any of the container provided services ? if yes how do i do this
 
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set security constraints on the servlet - this will make the user log in (if they are not already). Doing this will ensure they are in the right role and you will not have to write any code.
In web.xml, something like this:

If that is somehow not right, then maybe you can set the run-as mode on the EJB (2.0) so the EJB is run as an employee even if they are not logged in at the webapp. It doesn't sound right to me, but maybe its what you want.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!