3 Replies Latest reply on Sep 25, 2003 1:11 PM by adrian.brock

    MDB Security--Ok, but why?

    rp28


      What are the motivations behind the way security works with message driven beans?

      It seems desirable to me--and from the number of postings here and elsewhere--to others as well that a MDB invocation should assume the same security credentials as the user who invoked it.

      I assume there is a design reason why this is not desirable or at least not part of the spec?

      I can also certainly see a case where you could want to force a MDB to run as a particular role regardless of who invoked it, but it seems like that should be the exception.

        • 1. Re: MDB Security--Ok, but why?

          The security is on the send.

          The MDB can assume that if the message is in the queue,
          the person had authority to put it there.

          The MDB is "invoked" by the JMS Server not the user.

          Regards,
          Adrian

          • 2. Re: MDB Security--Ok, but why?
            rp28


            But what about the case where the MDB makes a change to a specific entity that a user may or may not have access to?

            It seems to me that currently it is the requirement of the caller to make that security check before sending the request.

            That may be OK, but it certainly leads to the possibility that the developer of a future request might forget that requirement and introduce a security issue.

            Obviously, if every call was made through another piece of code that did the check it is less of an issue, but it still seems undesirable to me.

            • 3. Re: MDB Security--Ok, but why?

              If you want that processing, get the sender to pass
              a user and password in the message.
              Then make the MDB perform a login before doing
              any processing.

              Regards,
              Adrian
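
The approach from reply 3, as an added example that is not part of the original thread and not JBoss's own code: an EJB 2.x-style MDB reads credentials from message properties and performs a JAAS login before doing any processing. The property names `user` and `password`, the JAAS entry `example-login`, the class name and `process()` are assumptions.

```java
import javax.ejb.EJBException;
import javax.ejb.MessageDrivenBean;
import javax.ejb.MessageDrivenContext;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class AuthenticatingMDB implements MessageDrivenBean, MessageListener {
    // Assumption: name of a JAAS configuration entry defined on the server.
    private static final String JAAS_ENTRY = "example-login";
    private MessageDrivenContext ctx;

    public void setMessageDrivenContext(MessageDrivenContext c) { ctx = c; }
    public void ejbCreate() {}
    public void ejbRemove() {}

    public void onMessage(Message msg) {
        LoginContext lc = null;
        try {
            // Assumption: the sender sets these two string properties.
            final String user = msg.getStringProperty("user");
            final String pass = msg.getStringProperty("password");
            if (user == null || pass == null) return; // no credentials, no processing
            lc = new LoginContext(JAAS_ENTRY, new CallbackHandler() {
                public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                    for (int i = 0; i < cbs.length; i++) {
                        if (cbs[i] instanceof NameCallback)
                            ((NameCallback) cbs[i]).setName(user);
                        else if (cbs[i] instanceof PasswordCallback)
                            ((PasswordCallback) cbs[i]).setPassword(pass.toCharArray());
                        else throw new UnsupportedCallbackException(cbs[i]);
                    }
                }
            });
            lc.login();   // throws LoginException if the credentials are rejected
            process(msg); // reached only after a successful login
        } catch (LoginException e) {
            // Authentication failed: discard the message without processing it.
        } catch (JMSException e) {
            throw new EJBException(e); // report as a system error to the container
        } finally {
            if (lc != null) try { lc.logout(); } catch (LoginException ignored) {}
        }
    }
    private void process(Message msg) throws JMSException { /* hypothetical business logic */ }
}
```

The password travels and is persisted with the message, so the queue's transport and message store need the same protection as any other place credentials are kept. Whether the login also sets the identity for calls the MDB then makes depends on the login module configured under the JAAS entry.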