How to secure EJB in WebLogic 5.1


  1. How to secure EJB in WebLogic 5.1 (3 messages)

    Suppose I have an XYZ bean and want to secure access to the bean by granting rights to roles A, B, C and denying access rights to others. Can anyone please explain:
    How to create roles?
    How to associate users with the roles?
    How to create users (where are the user names and passwords specified?)
    How to secure the bean (both programmatically and declaratively)?

    What should be specified in each of the deployment descriptors and weblogic.properties, and what is the UBBCONFIG file (is it mandatory to have one)?

    Where do I specify security credentials and principals?
    Thanks

  2. How to secure EJB in WebLogic 5.1

    How to create roles?
    ** This is not specified in the EJB spec and depends entirely on the product you are using. bea.com should have information on this.

    How to associate users with the roles?
    ** Again, not specified in the spec, up to the product. bea.com should tell you.


    How to create users (where are the user names and passwords specified?)
    ** As above! In WebLogic you create users by saying something like weblogic.user.USERNAME=PASSWORD. (I might have the weblogic.user bit wrong, take a look on bea.com)

    How to secure the bean (both programmatically and declaratively)?
    ** You shouldn't need to do it programmatically. You need to specify the role requirements in the deployment descriptor. WebLogic 5.1.0 ships with a (not very good) deployment tool and this contains the appropriate interface to let you throw one together. Once that's done, take a look at the resulting .xml files for the descriptor.

    Basically, the first three things are done in weblogic.properties (in 5.1.0 anyway) and the last one goes in the DD.

    Hope that helps

    Chz

    Tony

  3. How to secure EJB in WebLogic 5.1

    Hi Tony.

    Well, what I read was that there is a UBBCONFIG file which is required for role-to-user mapping. Are you aware of that? Because nowhere in weblogic.properties could I find a place where I could create a role. I am aware of where to create a user, but have no idea where to create a role. Because in the deployment descriptor ejb-jar.xml we have the element tag <assembly-descriptor> where I need to specify the role:

    <assembly-descriptor>
      <security-role>
        <description />
        <role-name>Manager</role-name>
      </security-role>
    </assembly-descriptor>

    and in weblogic-ejb-jar.xml we have

    <security-role-assignment>
      <role-name>Manager</role-name>
      <principal-name>guest</principal-name>
    </security-role-assignment>
    So where do I give this mapping?

  4. How to secure EJB in WebLogic 5.1

    Hi Tony,

    Well, by making those modifications in my DD XML, of which I have sent the snippet above, my code works. In my client I am doing this:


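    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    // url is a field defined elsewhere in the client class
    public static Context getInitialContext() throws NamingException
    {
        Properties p = new Properties();
        p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        p.put(Context.PROVIDER_URL, url);
        // Identity that the server authenticates for this context
        p.put(Context.SECURITY_PRINCIPAL, "Rinku");
        p.put(Context.SECURITY_CREDENTIALS, "RinkuPassword");
        return new InitialContext(p);
    }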

    And if I give a wrong user id and pwd it gives me an AuthenticationException.
    *****
    But what I want to know is where the role which I assigned as Manager is being used. I don't want to put userid and pwd; rather, I want to use the role for access control.

    Any clues?
    Thanks in advance
    Rinku
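
The chain the descriptors in this thread set up runs from principal to role (`<security-role-assignment>` in weblogic-ejb-jar.xml) and from role to bean methods (`<method-permission>`, the standard ejb-jar.xml element for role requirements). The following is an added example, not code from any post: a small audit script that resolves that chain and flags declared roles that protect nothing. The bean name `XYZBean`, the method `approve` and the role `Auditor` are constructed for illustration, and the script models only the descriptor mapping, not WebLogic's own enforcement.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, not from the thread. XYZBean, approve and Auditor
# are hypothetical names; Manager and guest are the values posted above.
EJB_JAR = """<ejb-jar><assembly-descriptor>
  <security-role><role-name>Manager</role-name></security-role>
  <security-role><role-name>Auditor</role-name></security-role>
  <method-permission>
    <role-name>Manager</role-name>
    <method><ejb-name>XYZBean</ejb-name><method-name>approve</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""
WEBLOGIC_EJB_JAR = """<weblogic-ejb-jar>
  <security-role-assignment>
    <role-name>Manager</role-name>
    <principal-name>guest</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>"""

def role_grants(ejb_jar_xml):
    """Role -> set of (ejb-name, method-name) taken from <method-permission>."""
    grants = {}
    for perm in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        methods = {(m.findtext("ejb-name"), m.findtext("method-name"))
                   for m in perm.findall("method")}
        for role in perm.findall("role-name"):
            grants.setdefault(role.text.strip(), set()).update(methods)
    return grants

def role_members(weblogic_xml):
    """Role -> set of principals taken from <security-role-assignment>."""
    members = {}
    for sra in ET.fromstring(weblogic_xml).iter("security-role-assignment"):
        role = sra.findtext("role-name").strip()
        for p in sra.findall("principal-name"):
            members.setdefault(role, set()).add(p.text.strip())
    return members

def principals_for(bean, method, ejb_jar_xml, weblogic_xml):
    """Principals that reach bean.method through a role ('*' means every method)."""
    members = role_members(weblogic_xml)
    return {p for role, methods in role_grants(ejb_jar_xml).items()
            if (bean, method) in methods or (bean, "*") in methods
            for p in members.get(role, ())}

def unused_roles(ejb_jar_xml):
    """Declared roles that no <method-permission> references."""
    declared = {r.findtext("role-name").strip()
                for r in ET.fromstring(ejb_jar_xml).iter("security-role")}
    return declared - set(role_grants(ejb_jar_xml))
```

Run against the ejb-jar.xml fragment posted in message 3, `unused_roles` returns `Manager`, because that fragment declares the role but contains no `<method-permission>` referring to it.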