2 Replies Latest reply on Nov 20, 2002 3:36 PM by Vincent B Fischer

    Reading Permissions from database

    Stefan Heckler Novice

      I would like to configure JBoss (3.0.0) to read method permissions not from ejb_jar.xml, but from a database. Is it possible? Where is it to configure?

      Stefan Heckler

        • 1. Re: Reading Permissions from database
          Vincent B Fischer Newbie

          Hi Sheckler.

          I cannot answer your question 100%, but I think I can give you hope.

          I seem to remember reading about creating SecurityInteceptor (s) for your Beans. I don't know if I have the name correct, hopefully someone can intercede here. Anyways, inside the Interceptor(s) you write the code to determine if the current Principal has access to the bean's methods.

          I thought I had read this in the JBossBook, but in perusing it just now, I couldn't find it. Only thing I could ifnd was on page 268, where there's a diagram showing... I'll do some more research and post my findings here, as I need to figure this out soon anyways...

          • 2. Re: Reading Permissions from database
            Vincent B Fischer Newbie

            AHA... I found it...

            In this Javaworld article...

            Here's the abstract:
            The current EJB (Enterprise JavaBeans) specification supports basic declarative, role-based access-control mechanisms, but provides limited support for coding application-specific security checks. Moreover, it doesn't define any way to factor out access-control code from business logic, or to integrate external authorization services. The open source, J2EE-compliant (Java 2 Platform, Enterprise Edition) JBoss application server features a protection-proxy security architecture that will help you overcome these restrictions. (4,500 words; February 15, 2002)

            http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ejbsecurity.html