1 Reply Latest reply on Nov 1, 2003 10:44 AM by juha

    methods access & security

    alexandru

      Hi!
      I have a few questions/problems:
      I'm working on the RMH book, first example. I made one called Agenda; everything is OK, but I can't make restrictions on methods. For example, on the client side I have something like this:
      public static Context getInitialContext() throws javax.naming.NamingException {
          // Caller identity passed to JNDI when the context is created
          Properties p = new Properties();
          p.put(Context.SECURITY_PRINCIPAL, "coyote");
          p.put(Context.SECURITY_CREDENTIALS, "alexis");
          return new javax.naming.InitialContext(p);
      }

      and in META-INF/ejb-jar.xml I have

      ...
      <enterprise-beans>
        ....
        <security-identity>
          <use-caller-identity/>
        </security-identity>
        ....
      </enterprise-beans>
      <assembly-descriptor>
        <security-role>
          <role-name>coyote</role-name>
        </security-role>
        <method-permission>
          <role-name>coyote</role-name>
          <method>
            <ejb-name>AgendaEJB</ejb-name>
            <method-name>*</method-name>
          </method>
        </method-permission>
      </assembly-descriptor>

      The problem is that I can execute the client code; I mean I have access to the methods even if I change the name (from coyote to coyotea, let's say).

      PS: I want to restrict access from ejb-jar.xml as I saw in RMH EJB 2nd edition. Isn't it possible on JBoss?

      (BTW, RMH 4th edition covering the EJB 2.1 spec is UP and you can find the first 8 chapters for free on theserverside.com)

      Thank you folks for any help.
      Alexandru.

        • 1. Re: methods access & security

          You can't enable security by using the ejb-jar.xml descriptor alone; you will also need jboss.xml to configure a security domain and possibly a JAAS configuration for that domain in the JBoss login-config.xml.

          Check the JBoss workbook that comes with the 3rd edition of RMH EJB book.

          -- Juha
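
The configuration the reply describes, as an added example that is not part of the original thread or the JBoss workbook. It assumes a security domain named `agenda` and the stock `UsersRolesLoginModule` with property files on the deployment classpath; the user, password and role are the ones from the question.

```xml
<!-- File 1: META-INF/jboss.xml, next to ejb-jar.xml in the EJB jar.
     "agenda" is an assumed security domain name. -->
<jboss>
  <security-domain>java:/jaas/agenda</security-domain>
</jboss>

<!-- File 2: entry added inside <policy> in the server's conf/login-config.xml.
     The policy name must match the part after java:/jaas/ in jboss.xml. -->
<application-policy name="agenda">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">users.properties</module-option>
      <module-option name="rolesProperties">roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- File 3: users.properties (format: user=password)
     coyote=alexis
-->

<!-- File 4: roles.properties (format: user=comma-separated roles)
     coyote=coyote
-->
```

With the domain bound to the bean's jar, the `method-permission` in ejb-jar.xml is enforced: callers the login module cannot authenticate, or that lack the `coyote` role, are refused on `AgendaEJB` methods.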