security question


EJB programming & troubleshooting: security question

  1. security question (2 messages)

    I have developed an EJB centric application and I have specified the method permitions for different roles.

    The problem is that I must set the role of a user when he logs in in the front controller SFSB, for this purpose the client (jsp) uses a method login(username, password) in the remote interface of the Controller session bean , which retrieves from the database its role or null if he is not authentificated.

    Now how can I set the users role so that the container would know how to give him access to different methods?

    Thank you in advance,

    Threaded Messages (2)

  2. security question[ Go to top ]

    I would reccommend using the authentication infrastructure provided by your app server vendor, instead of inventing your own. Otherwise tying the roles to the ejb methods may not be possible. For weblogic, if you use RDBMSRealm for authentication, you could use your own tables for user name, password etc.

  3. security question[ Go to top ]

    I am using Orion 1.5.2 (
    Thank you,
    I shall look into it.