
How to associate web client with a security context?

Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
I have a servlet that calls an EJB. The servlet uses custom authentication, i.e. it does not employ container-managed security (BASIC, FORM, or CLIENT-CERT). The EJB, however, does use container-managed security.
How can I associate my servlet with a security context such that calling the EJB does not raise a "not authorized" exception?
------------------
Miftah Khan
- Sun Certified Programmer for the Java™ 2 Platform
- Sun Certified Web Component Developer for the Java™ 2 Platform, Enterprise Edition
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Please, someone.. I'd really appreciate help with this question.
In case my original question wasn't clear.. what I'm trying to do is call an EJB from a servlet. The EJB is configured to allow access only to users in role "manager". The servlet, however, doesn't utilize container managed security, and as a result, the user isn't associated with any role. How can I associate the user with a role without using web.xml-defined security for the servlet?
Thanks in advance,
-Miftah
[This message has been edited by Miftah Khan (edited October 29, 2001).]
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16250
    

I believe that assigning a role to a caller of an EJB is somewhat dependent on what server you're using.


Customer surveys are for companies who didn't pay proper attention to begin with.
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Originally posted by Tim Holloway:
I believe that assigning a role to a caller of an EJB is somewhat dependent on what server you're using.

I've been practicing with both Weblogic 6.1 (evaluation) as well as Sun's J2EE Reference Implementation (version 1.2.1). Any thoughts on either of these?
Subrahmanyam Allamaraju
Greenhorn

Joined: Nov 01, 2001
Posts: 20
This is a tricky question. If you're protecting your web resources, why are you trying to protect the EJBs? Trying to access protected EJBs from the unprotected servlets leaves room for misuse.

Subrahmanyam Allamaraju
Author of Professional Java Server Programming J2EE 1.3 Edition (http://www.amazon.com/exec/obidos/ASIN/1861005377/ref=ase_electricporkchop/103-0514572-3811868)
JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
I do not fully understand your question; however, I am attempting to answer your question:
Using WebLogic, the role-name is mapped to principals or groups based on the security-role-assignment element in weblogic.xml. Let us say you have a role-name FOO and you want to assign this role to users John and Mark. You need to make this entry in weblogic.xml-
<security-role-assignment>
<role-name>FOO</role-name>
<principal-name>John</principal-name>
<principal-name>Mark</principal-name>
</security-role-assignment>

Hoping it was a useful piece of information.
JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
Sorry, the previous message looks incomplete --
You need to make this entry in weblogic.xml-
<security-role-assignment>
<role-name>FOO</role-name>
<principal-name>John</principal-name>
<principal-name>Mark</principal-name>
</security-role-assignment>
This is the way mapping works.
JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
It seems that the elements that I typed in get erased!!! Let me try again.
In weblogic.xml:
<security-role-assignment>
<role-name>FOO</role-name>
<principal-name>John</principal-name>
<principal-name>Mark</principal-name>
</security-role-assignment>
JiaPei Jen
Ranch Hand

Joined: Nov 19, 2000
Posts: 1309
OK, I do not know why it gave me this. I have to describe in words instead of typing the xml elements:
Within the security-role-name element, the role-name is FOO, and repeat the principal-name twice, one for John and another for Mark.
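
The role mapping described in the posts above, written out end to end as an added example (it is not part of any post in this thread). It uses the "manager" role from the original question and the principals John and Mark from the answer. The bean name, class names and JNDI name are hypothetical, DOCTYPE declarations are omitted, and it assumes the mapping for an EJB module is placed in weblogic-ejb-jar.xml, the EJB counterpart of weblogic.xml.

```xml
<!-- ===== META-INF/ejb-jar.xml (standard J2EE descriptor) ===== -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <!-- Hypothetical bean; names are illustrative only -->
      <ejb-name>PayrollBean</ejb-name>
      <home>example.PayrollHome</home>
      <remote>example.Payroll</remote>
      <ejb-class>example.PayrollBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Declare the logical role the container will enforce -->
    <security-role>
      <role-name>manager</role-name>
    </security-role>
    <!-- Only callers in role "manager" may invoke any method of the bean.
         A caller with no authenticated principal is in no role, which is
         why the unauthenticated servlet call in the question is rejected. -->
    <method-permission>
      <role-name>manager</role-name>
      <method>
        <ejb-name>PayrollBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

<!-- ===== META-INF/weblogic-ejb-jar.xml (WebLogic-specific descriptor) ===== -->
<weblogic-ejb-jar>
  <weblogic-enterprise-bean>
    <ejb-name>PayrollBean</ejb-name>
    <jndi-name>ejb/Payroll</jndi-name>
  </weblogic-enterprise-bean>
  <!-- Map the logical role onto real principals known to the server's realm -->
  <security-role-assignment>
    <role-name>manager</role-name>
    <principal-name>John</principal-name>
    <principal-name>Mark</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>
```

The mapping only decides which authenticated principals hold the role; the call still has to arrive with one of those principals attached, which is the server-dependent part raised earlier in the thread.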
 