aspose file tools*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Security and EJB Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Security and EJB" Watch "Security and EJB" New topic
Author

Security and EJB

Hari babu
Ranch Hand

Joined: Jun 25, 2001
Posts: 208
Hi All,
In my EJB I can specify the method execution permission for a particular role. Suppose i have a servlet client which access the EJB, and my servlet validates an user against my database specific to my application. When the user is authenticated, how will the Servlet know which role to assign the authenticated user? Is it the same role, i need to specify in my EJB deployment descriptor and how does it get propagated to the EJB layer ? So that the authenticated user will be able to execute the EJB method.
Please help
Hari
(I have posted this message on J2EE/EJB also, so that i can get quick answer,please excuse me)
Rufus BugleWeed
Ranch Hand

Joined: Feb 22, 2002
Posts: 1551
IMHO
Your servlet makes a connection to the EJB container. Often this is a JNDI logon, I believe.
Do you trust the servlet or do you trust the client ( i.e. clients User ID )?
If you trust the servlet ...
If you are going down to the user id level, you'll have to pass that as a parameter. EJB has the tools you need from there.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Security and EJB