1 Reply Latest reply on Mar 4, 2002 12:28 PM by dward2

security based on values

dward2 Mar 4, 2002 9:44 AM

I know how to lock down EJB's based on which roles are allowed to execute which beans/methods, but does anyone have any experience on locking things down looking at the VALUE of an object passed into an EJB method?

I'm relatively sure the spec doesn't say anything about this, but has anyone come up with a good hybrid mix of container-based and application-based security?

Many thanks,
David

1. Re: security based on values

dward2 Mar 4, 2002 12:28 PM (in response to dward2)

Got a great answer from someone in jboss-user:
http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ejbsecurity_p.html

Now (since my app needs to work in WebLogic too...) I'm looking here but not sure if it will work for my needs:
http://e-docs.bea.com/wls/docs70/dvspisec/sspi.html
http://e-docs.bea.com/wls/docs70/dvspisec/design.html

At first glance it looks possible, but not nearly as easy as in JBoss...
Actions