Protecting EJBs for public use

Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
Hello,
in our organisation we are developing several J2EE applications which are deployed on one appserver.
Some of the EJBs are shared across the enterprise applications, some are used internally only.
How can I control which EJB is used inside an .EAR only and which EJB can be used by other .EARs?
I've seen some security configurations in the deployment descriptors, but these are based on users and roles not applications.
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
You can use Local interfaces (instead of Remote) for those EJBs you don't want to expose to others.


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.
Jayadev Pulaparty
Ranch Hand

Joined: Mar 25, 2002
Posts: 662
Using EJBs from a web container is not going to restrict them to be local to the best of my knowledge.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8903

Originally posted by Peter Storch:
But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.

Is it possible to have your war and ejb jar in the same ear file?
Are the web container and EJB container running on different machines?
[ September 18, 2003: Message edited by: Pradeep Bhat ]

Groovy
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.
Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
Originally posted by Pradeep Bhat:

Is it possible to have your war and ejb jar in the same ear file?
Are the web container and EJB container running on different machines?

Yes, our war and the ejb jar are deployed within the same ear.
Due to a redundant environment we can't be sure that the EJBs "live" in the same JVM as the web classes.
Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
Originally posted by Lasse Koskela:
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.

a)
I don't think a firewall can be deployed between two .ear in one Appserver, can it? Or do you think of a programmatic firewall in our EJBs?
b)
How is that done? How can I configure EJB security, so EJBs within one .ear are freely accessible but not all EJBs from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
Originally posted by Peter Storch:
I don't think a firewall can be deployed between two .ear in one Appserver, can it?

True, I forgot the requirement for preventing access from .ears on the same server...
Originally posted by Peter Storch:
How is that done? How can I configure EJB security, so EJBs within one .ear are freely accessible but not all EJBs from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?

That's what I envisioned. Creating a user/role such as "WithinSameApplication". Of course that's still a "soft" restriction because external applications can connect if they know the username/password...
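
The role-based restriction discussed in this thread, as an added example that is not part of any poster's message: an ejb-jar.xml fragment (EJB 2.x) that limits one bean to the "WithinSameApplication" role and leaves a shared bean open to any caller. The bean and class names are hypothetical.

```xml
<!-- Added example: fragment of META-INF/ejb-jar.xml (EJB 2.x descriptor).
     Bean and class names are hypothetical; the role name is the one from the thread. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>InternalOrderBean</ejb-name>
      <home>com.example.orders.InternalOrderHome</home>
      <remote>com.example.orders.InternalOrder</remote>
      <ejb-class>com.example.orders.InternalOrderBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
    <session>
      <ejb-name>SharedCatalogBean</ejb-name>
      <home>com.example.catalog.SharedCatalogHome</home>
      <remote>com.example.catalog.SharedCatalog</remote>
      <ejb-class>com.example.catalog.SharedCatalogBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <description>Callers that belong to this EAR</description>
      <role-name>WithinSameApplication</role-name>
    </security-role>
    <!-- Internal bean: every method requires the application's own role. -->
    <method-permission>
      <role-name>WithinSameApplication</role-name>
      <method>
        <ejb-name>InternalOrderBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
    <!-- Shared bean: callable from other EARs without a role check. -->
    <method-permission>
      <unchecked/>
      <method>
        <ejb-name>SharedCatalogBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The web tier in the same EAR can call the restricted bean by declaring `<run-as>` with this role on its servlet in web.xml; which principal backs the role is set in the server's vendor-specific descriptor.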
 