This content has been marked as final.
Show 2 replies
-
1. Re: Secure access to ejb
jaikiran Sep 3, 2010 1:46 AM (in response to jensmander)For invoking them directly all works fine but sometimes if the age is different from the current age the changeAll-method has to call the changeAge-method. And this is exactly the point. In this case the container can't handle the security check because the interceptor-object has already delegated the call to the concrete method (changeAll which is accessable for everyone) and changeAge is invoked normally.
Your changeAll should then look like (I'm assuming it's EJB3, if not let us know the exact EJB version):
@Stateless @Remote (MyBeanInterface.class) public class MyBean implements MyBeanInterface { ... @Resource private SessionContext sessionCtx; ... public void changeAll() { // do something ... // call changeAge() (through a EJB proxy to apply the EJB semantics on the call MyBeanInterface myBeanProxy = this.sessionCtx.getBusinessObject(MyBeanInterface.class); // call on proxy myBeanProxy.changeAge(); ... }
-
2. Re: Secure access to ejb
jensmander Sep 8, 2010 9:10 AM (in response to jaikiran)Hi,
absolutely brilliant. Thanks a lot
Regards
Jens