• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Protecting EJBs for public use

 
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
in our organisation we are developing several J2EE applications which are deployed on one appserver.
Some of the EJBs are shared across the enterprise applications, some are used internaly only.
How can I control which EJB is used inside an .EAR only and which EJB can be used by other .EARs.?
I've seen some security configurations in the deployment descriptors, but these are based on users and roles not applications.
 
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can use Local interfaces (instead of Remote) for those EJBs you don't want to expose to others.
 
Peter Storch
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.
 
Ranch Hand
Posts: 662
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Using EJBs from a web container is not going to restrict them to be local to the best of my knowledge.
 
Ranch Hand
Posts: 8946
Firefox Browser Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.


Is it possible to have your war and ejb jar in the same ear file?
Is the web container and EJB container running in different machines.
[ September 18, 2003: Message edited by: Pradeep Bhat ]
 
Lasse Koskela
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.
 
Peter Storch
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Pradeep Bhat:

Is it possible to have your war and ejb jar in the same ear file?
Is the web container and EJB container running in different machines.


Yes, our war and the ejb jar are deployed within the same ear.
Due to a redundant environment we can't be sure that the EJBs "live" in the same JVM than the web classes.
 
Peter Storch
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Lasse Koskela:
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.


a)
I don't think a firewall can be deployed between two .ear in one Appserver, can it? Or do you think of a programatic firewall in our EJBs?
b)
How is that done? How can I configure EJB security, so EBJs within one .ear are freely acessible but not all EJB from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?
 
Lasse Koskela
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I don't think a firewall can be deployed between two .ear in one Appserver, can it?


True, I forgot the requirement for preventing access from .ears on the same server...

How is that done? How can I configure EJB security, so EBJs within one .ear are freely acessible but not all EJB from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?


That's what I envisioned. Creating a user/role such as "WithinSameApplication". Of course that's still a "soft" restriction because external applications can connect if they know the username/password...
 
Switching from electric heat to a rocket mass heater reduces your carbon footprint as much as parking 7 cars. Tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic