• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Access restriction on application classes

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Hi,
We are developing a EJB-based business application which publishes an
API for the Client application. These APIs are actually the methods of
the EJBRemote objects. The processing flow for any API call from the
Client application is as follows:
Client application -> Session Bean -> Business Object (which does
Validation) -> Business Object (which interacts with the Data access
layer) -> Data access layer.
Now, is it possible to restrict the Client application from directly
calling the Business Object (which interacts with the Data access
layer) without calling the Session Bean layer (thus breaking our
application). In other words, can we force the Client application to
call only our Session Beans?
Since we are hosting our application on an application server
(Weblogic, Websphere etc), the Client may use this application server
for hosting other applications as well; hence we have limited control
on the application server behaviour.
Any idea is welcome.

Regards
Sandeep
 
author
Posts: 3892
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It seems to me like not allowing the JAR files that contain the business objects to be installed on the client machines would work fine.
Another option would be to (perhaps) include a check in the top-level business object for something that can only be provided by the Session EJB (perhaps the EJB context).
Kyle
------------------
Kyle Brown,
Author of Enterprise Java (tm) Programming with IBM Websphere
See my homepage at http://members.aol.com/kgb1001001 for other WebSphere information.
[This message has been edited by Kyle Brown (edited October 25, 2001).]
 
So you made a portal in time and started grabbing people. This tiny ad thinks that's rude:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic