EJB programming & troubleshooting: Security and EJB's

  1. Security and EJB's (6 messages)

    Hi people!!

    In my application I have certain users, and these users can be grouped into various roles. So I was planning to use the method-level security features of EJB (WebLogic 5.1). Further, the application could have around 100-plus users.

    What I want to happen is:
    At the time of deploying the beans I should specify privileges for various methods according to the role (not a user), as I can add or delete users dynamically. Further, the server is required to authenticate the user from a database table, as the usernames and passwords would be stored in a database and not in the "weblogic.properties" file. By this I would be able to create new users dynamically without either redeploying or restarting the server.

    I would highly appreciate it if I could get some ideas on how to go about this. I am using WebLogic 5.1.

    TIA
    Pankaj

  2. Security and EJB's

    You need to extend or replace the WebLogic security realm. You can read more about how to do this in the WebLogic documentation:
    http://www.weblogic.com/docs51/classdocs/API_acl.html

    You might be able to use their RdbmsRealm example as is, or at least as a starting point.

    You might also want to check out the WebLogic newsgroup on security.
  3. Security and EJB's

    Hi Rino!
    Thanks for your reply. I have already started on the RdbmsRealm example, but I am still facing a problem. At the time of deploying the bean, WebLogic expects me to enter Roles (which is perfect) and also the Principal (which makes no sense), and I want to avoid hardcoding the members of this role (or group).
    I am still in the dark as to how to remove the interdependence of the user at the time of deployment and give my security constraints only on the basis of groups (or roles).

    Kindly reply at the earliest.
    TIA
    Regards
    Pankaj
  4. Security and EJB's

    When deploying your bean, you should be able to specify just the group name. Group actually extends Principal. The groups and the members thereof should be defined in a separate table. In the RdbmsRealm example, this table is called "groupmembers". This is where you map which users belong to which groups.
  5. Security and EJB's

    Yup... even I believe that I should be able to do that.
    Actually the example does everything related to the database, like creating users, groups and even ACLs.

    But when I make my bean and try to deploy it giving only the roles... it gives an error saying that I also need a principal, which I believe is nothing but the users in that group. So to make the bean run successfully it forces me to enter both the roles and the principal, which just disturbs the beautiful picture.

    I guess I must be missing something crucial, as it seems to be simple but just refuses to go as it should.

    Further, it does authorize and authenticate using the database, which is exactly what I want.
    Thanks for the concern... but please make it run somehow... I have lost all ideas by now...
  6. Security and EJB's

    In WebLogic 5.1, it appears that EJB roles are independent of the WebLogic server security groups. However, the DeployerTool allows you to map one to the other. Read this documentation:

    http://www.weblogic.com/docs51/classdocs/API_ejb/EJB_deploy.html#1024896

    What this means is that you define the EJB roles and map them to the appropriate groups in your security realm.
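
The role-to-group mapping described in the reply above, written out as deployment descriptors; this is an added example and not part of the original thread or the WebLogic documentation. The bean, class, method, role and group names are hypothetical, and it assumes that `principal-name` in `weblogic-ejb-jar.xml` accepts a realm group name, as the replies above describe.

```xml
<!-- ejb-jar.xml (standard EJB 1.1 descriptor): permissions are granted
     to a role only; no user name appears anywhere in it. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AccountBean</ejb-name>            <!-- hypothetical bean -->
      <home>example.AccountHome</home>
      <remote>example.Account</remote>
      <ejb-class>example.AccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>teller</role-name>                <!-- hypothetical EJB role -->
    </security-role>
    <method-permission>
      <role-name>teller</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>withdraw</method-name>        <!-- hypothetical method -->
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

<!-- weblogic-ejb-jar.xml (server-specific descriptor): the EJB role is
     assigned to one principal, and that principal is a realm GROUP.
     Group membership stays in the realm's "groupmembers" table. -->
<weblogic-ejb-jar>
  <weblogic-enterprise-bean>
    <ejb-name>AccountBean</ejb-name>
    <jndi-name>AccountBean</jndi-name>
  </weblogic-enterprise-bean>
  <security-role-assignment>
    <role-name>teller</role-name>
    <principal-name>tellers</principal-name>       <!-- hypothetical realm group -->
  </security-role-assignment>
</weblogic-ejb-jar>
```

With the role bound to a group in this way, who may call `withdraw` is decided by rows in the realm's group membership table, so adding or removing a user does not touch either descriptor.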
  7. Security and EJB's

    Thanks for your inputs.
    But finally, by hook or by crook, I have got it running.
    Thanks once again
    Regards
    Pankaj