• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Assigning EJB permissions to private methods ?

 
Ranch Hand
Posts: 782
Python Chrome Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Oreilly's EJB2 book says:


All the methods defined in the remote or home interface and all superinterfaces, including the methods defined in the EJBObject and EJBHome interfaces, can be assigned security roles in the <method-permission> elements. Any method that is excluded will not be accessible by any security role.


I have created a private method in my Stateless Session Bean. Can I assign permissions to methods which are (1) private (2) not exported in the remote nor local interface ? Will they work ?
Regards,
Pho
 
author
Posts: 3892
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
By definition, a private method cannot be defined in an interface. Therefore you can't assign a security permission to it. In particular, the Java language specification (section 9.4) states in regard to method declarations in interfaces that the only acceptable method modifiers are public and abstract.
Kyle
[ April 30, 2004: Message edited by: Kyle Brown ]
 
author
Posts: 181
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And for you second question, you can only assign permissions to method on the Local or Remote Interface because these methods are called by the client through proxies that go through the container and do the check before going into your Bean.
Methods that are on the Bean class that are not part of any of the client interfaces can only be called by the bean itself (Unless you instantiate the class yourself but then it is a plain Java class not mananged by the container).
reply
    Bookmark Topic Watch Topic
  • New Topic