Hi All, I have a servlet which in turn access the EJB and executes a method in the EJB. The method is given permission only for the user belonging to the role "employee". User logins to my application using servlet.Now i want to assign role to that user so that he should be able to call the method in EJB. How do i do this. Also after assigning the "employee" role to the user in my servlet/client layer how does it get propagated to the EJB layer. Can i do this implicitly using any of the container provided services ? if yes how do i do this
Set security constraints on the servlet - this will make the user log in (if they are not already). Doing this will ensure they are in the right role and you will not have to write any code. In web.xml, something like this:
If that is somehow not right, then maybe you can set the run-as mode on the EJB (2.0) so the EJB is run as an employee even if they are not logged in at the webapp. It doesn't sound right to me, but maybe its what you want.