This content has been marked as final.
Show 2 replies
-
1. Re: Security of CMP
starksm64 Feb 9, 2005 1:03 PM (in response to artemgolubev)The j2ee security model is role based and does not allow for constraints based on state of the call or target object. This can be done using a custom security interceptor in the ejb container.
-
2. Re: Security of CMP
craigdberry Feb 9, 2005 7:14 PM (in response to artemgolubev)To clarify a bit, that it is role-based is a non sequitur; one could easily imagine (and not-quite-so-easily implement) role based access rules based on entity values.
The point is that the out-of-the-box EJB security model offers only control at the bean class level -- that is, users in role X can see beans of type Y but not Z.