• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Security in EJB  RSS feed

 
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have a servlet which in turn access the EJB and executes a method in the EJB. The method is given permission only for the user belonging to the role "employee".
User logins to my application using servlet.Now i want to assign role to that user so that he should be able to call the method in EJB. How do i do this.
Also after assigning the "employee" role to the user in my servlet/client layer how does it get propagated to the EJB layer. Can i do this implicitly using any of the container provided services ? if yes how do i do this
 
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set security constraints on the servlet - this will make the user log in (if they are not already). Doing this will ensure they are in the right role and you will not have to write any code.
In web.xml, something like this:

If that is somehow not right, then maybe you can set the run-as mode on the EJB (2.0) so the EJB is run as an employee even if they are not logged in at the webapp. It doesn't sound right to me, but maybe its what you want.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!