All my business processes are mapped to one or more methods on session beans and each session bean has a security descriptot parameter so that I can authenticate the caller of the method.
The session bean methods generally use one or more entity beans to fulfill their business role. What I would like to do is make these entity beans private, as currently they are available through the normal JNDI lookup and a home interface.
Is it possible to tell JNDI to give access to entity beans from session beans only ?
Can JNDI be configured perhaps for password access to home interfaces ?
Is this vendor specific code ?
Thanks.
-
Restricing Access to Entity Beans (2 messages)
- Posted by: Ian Purton
- Posted on: December 04 2000 14:15 EST
Threaded Messages (2)
- Restricing Access to Entity Beans by Dave Wolf on December 05 2000 14:48 EST
- Restricing Access to Entity Beans by Tarek Hammoud on December 17 2000 20:20 EST
-
Restricing Access to Entity Beans[ Go to top ]
- Posted by: Dave Wolf
- Posted on: December 05 2000 14:48 EST
- in response to Ian Purton
You can control access via the Access Control Lists provided by your container. Simply create a user say "interal" that makes the call from the session bean (Context.SECURITY_PRINCIPAL) then place him into an ACL which is then applied to the EntityBean.
This is all handled logically in your bean then mapped to a vendor specific implementation in the specific container.
See EJB 1.1 and J2EE specs for details.
Dave Wolf
Internet Applications Division
-
Restricing Access to Entity Beans[ Go to top ]
- Posted by: Tarek Hammoud
- Posted on: December 17 2000 20:20 EST
- in response to Dave Wolf
How does the session reset the principle to "internal" before calling the entity ?