• Post Reply Bookmark Topic Watch Topic
  • New Topic

Security in EJB

 
Hari babu
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have a servlet which in turn access the EJB and executes a method in the EJB. The method is given permission only for the user belonging to the role "employee".
User logins to my application using servlet.Now i want to assign role to that user so that he should be able to call the method in EJB. How do i do this.
Also after assigning the "employee" role to the user in my servlet/client layer how does it get propagated to the EJB layer. Can i do this implicitly using any of the container provided services ? if yes how do i do this
 
Dave Landers
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set security constraints on the servlet - this will make the user log in (if they are not already). Doing this will ensure they are in the right role and you will not have to write any code.
In web.xml, something like this:

If that is somehow not right, then maybe you can set the run-as mode on the EJB (2.0) so the EJB is run as an employee even if they are not logged in at the webapp. It doesn't sound right to me, but maybe its what you want.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!