3 Replies Latest reply on Dec 1, 2003 4:46 AM by juha

    Changing EJB security at runtime

    sradford
    sradford Nov 28, 2003 4:34 PM

      Hi,

      Does anyone know if (and how) I could change the method permissions on an EJB at runtime?

      ie. an EJB method is deployed with a security role-name of 'user' but then needs to be changed by an MBean to something else, e.g. 'santa', 'elf' or 'reindeer'

      Thanks in advanced

      • 1216 Views
      • Tags:
        • 1. Re: Changing EJB security at runtime
          juha Nov 29, 2003 9:08 AM (in response to sradford)

          You need to redeploy the EJB or use the app server's security framework directly and discard the braindead J2EE security model.

          -- Juha

            • Actions
          • 2. Re: Changing EJB security at runtime
            sradford
            sradford Dec 1, 2003 4:31 AM (in response to sradford)

            Well it's the latter I wish to do... Any pointers on how to do as such?

            Much much appreciated.

            Sean

              • Actions
            • 3. Re: Changing EJB security at runtime
              juha Dec 1, 2003 4:46 AM (in response to sradford)

              One approach would be to install a security proxy that enforces the authorization rather than using the J2EE security interceptor for it. So in the security proxy per bean or per bean method you can lookup some internal Java objects or MBean services that keep track of the ACL and does the appropriate checks and have these MBeans or POJO's be mutable objects rather than the fixed set of roles you're forced with the XML descriptor approach.

              If you in addition need to have your new roles propagated with the invocations then you need to use the SecurityAssociation class to also modify the RoleGroup principal set in the active subject to populate it with the current role information.

              -- Juha

                • Actions