File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Protecting EJBs for public use

 
Peter Storch
Ranch Hand
Posts: 74
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
in our organisation we are developing several J2EE applications which are deployed on one appserver.
Some of the EJBs are shared across the enterprise applications, some are used internaly only.
How can I control which EJB is used inside an .EAR only and which EJB can be used by other .EARs.?
I've seen some security configurations in the deployment descriptors, but these are based on users and roles not applications.
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use Local interfaces (instead of Remote) for those EJBs you don't want to expose to others.
 
Peter Storch
Ranch Hand
Posts: 74
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.
 
Jayadev Pulaparty
Ranch Hand
Posts: 662
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using EJBs from a web container is not going to restrict them to be local to the best of my knowledge.
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.

Is it possible to have your war and ejb jar in the same ear file?
Is the web container and EJB container running in different machines.
[ September 18, 2003: Message edited by: Pradeep Bhat ]
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.
 
Peter Storch
Ranch Hand
Posts: 74
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Pradeep Bhat:

Is it possible to have your war and ejb jar in the same ear file?
Is the web container and EJB container running in different machines.

Yes, our war and the ejb jar are deployed within the same ear.
Due to a redundant environment we can't be sure that the EJBs "live" in the same JVM than the web classes.
 
Peter Storch
Ranch Hand
Posts: 74
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Lasse Koskela:
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.

a)
I don't think a firewall can be deployed between two .ear in one Appserver, can it? Or do you think of a programatic firewall in our EJBs?
b)
How is that done? How can I configure EJB security, so EBJs within one .ear are freely acessible but not all EJB from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think a firewall can be deployed between two .ear in one Appserver, can it?

True, I forgot the requirement for preventing access from .ears on the same server...
How is that done? How can I configure EJB security, so EBJs within one .ear are freely acessible but not all EJB from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?

That's what I envisioned. Creating a user/role such as "WithinSameApplication". Of course that's still a "soft" restriction because external applications can connect if they know the username/password...
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic