• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Tim Cooke
  • Junilu Lacar
  • Paul Clapham
  • Devaka Cooray
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Frits Walraven
  • Carey Brown
  • salvin francis
  • Claude Moore

Security in EJB  RSS feed

Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have a servlet which in turn access the EJB and executes a method in the EJB. The method is given permission only for the user belonging to the role "employee".
User logins to my application using servlet.Now i want to assign role to that user so that he should be able to call the method in EJB. How do i do this.
Also after assigning the "employee" role to the user in my servlet/client layer how does it get propagated to the EJB layer. Can i do this implicitly using any of the container provided services ? if yes how do i do this
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set security constraints on the servlet - this will make the user log in (if they are not already). Doing this will ensure they are in the right role and you will not have to write any code.
In web.xml, something like this:

If that is somehow not right, then maybe you can set the run-as mode on the EJB (2.0) so the EJB is run as an employee even if they are not logged in at the webapp. It doesn't sound right to me, but maybe its what you want.
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!