-
1. Re: security: finer grained than method access?
skitching Sep 29, 2005 9:08 PM (in response to kbowen9)
Your code can call
if (ejbContext.isCallerInRole("some-role-name")) {
...
}
where ejbContext is of type javax.ejb.EJBContext.
Is this what you were looking for?
-
2. Re: security: finer grained than method access?
kbowen9 Sep 30, 2005 3:57 PM (in response to kbowen9)
So are you saying I should put those calls in the code of my setters? If this is an entity bean we're talking about, won't that prevent the bean from getting set up properly? If I'm understanding things correctly, doesn't the entity manager, when it instantiates an entity bean, do a new() and then call the bean's setters with the values it finds in the database? So if I have user/role checks in the code of my setters, won't they fail when called by the entity manager? What would isCallerInRole return when being called during initial setup of an entity bean by the entity manager?
-
3. Re: security: finer grained than method access?
skitching Oct 4, 2005 12:43 AM (in response to kbowen9)
Well, this sort of stuff about who is allowed to assign what values to certain entity bean properties is really *business rules*. And business rules are supposed to reside in the session beans, not in the entities. Entity beans should never be exposed directly to "users", only accessed via session beans.
Calls to ejbContext.isUserInRole will work fine in the session beans...
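
The arrangement discussed in this thread, as an added example that is not part of the original posts: the entity keeps plain setters and a session bean performs the per-property role check with isCallerInRole. The Employee and EmployeeService classes, their fields and the role names "employee" and "payroll-admin" are hypothetical, and EJB 3.0 annotations are assumed.

```java
// Added illustration. Employee, EmployeeService and the role names are
// hypothetical; each class would normally live in its own source file.
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.PersistenceContext;

@Entity
class Employee {
    @Id private Long id;
    private String phone;
    private long salaryCents;

    // No role checks here, so loading the entity from the database
    // never depends on who the current caller is.
    public void setPhone(String phone) { this.phone = phone; }
    public void setSalaryCents(long salaryCents) { this.salaryCents = salaryCents; }
}

@Stateless
@DeclareRoles({"employee", "payroll-admin"})   // roles queried via isCallerInRole
public class EmployeeService {
    @Resource private SessionContext ctx;      // SessionContext extends EJBContext
    @PersistenceContext private EntityManager em;

    // Method-level rule: either role may call update().
    @RolesAllowed({"employee", "payroll-admin"})
    public void update(Long id, String phone, Long newSalaryCents) {
        // Property-level rule, checked before anything is modified:
        // only payroll-admin may change the salary.
        if (newSalaryCents != null && !ctx.isCallerInRole("payroll-admin")) {
            throw new EJBAccessException("salary change requires payroll-admin");
        }
        Employee e = em.find(Employee.class, id);
        if (e == null) {
            throw new IllegalArgumentException("no such employee: " + id);
        }
        e.setPhone(phone);
        if (newSalaryCents != null) {
            e.setSalaryCents(newSalaryCents);
        }
    }
}
```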