aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes Protecting EJBs for public use Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Protecting EJBs for public use" Watch "Protecting EJBs for public use" New topic
Author

Protecting EJBs for public use

Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
Hello,
in our organisation we are developing several J2EE applications which are deployed on one appserver.
Some of the EJBs are shared across the enterprise applications, some are used internaly only.
How can I control which EJB is used inside an .EAR only and which EJB can be used by other .EARs.?
I've seen some security configurations in the deployment descriptors, but these are based on users and roles not applications.
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
You can use Local interfaces (instead of Remote) for those EJBs you don't want to expose to others.


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.
Jayadev Pulaparty
Ranch Hand

Joined: Mar 25, 2002
Posts: 662
Using EJBs from a web container is not going to restrict them to be local to the best of my knowledge.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8898

But in our enterprise applications we need to use the EJBs from the webcontainer. So they have to be remote.

Is it possible to have your war and ejb jar in the same ear file?
Is the web container and EJB container running in different machines.
[ September 18, 2003: Message edited by: Pradeep Bhat ]

Groovy
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.
Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
Originally posted by Pradeep Bhat:

Is it possible to have your war and ejb jar in the same ear file?
Is the web container and EJB container running in different machines.

Yes, our war and the ejb jar are deployed within the same ear.
Due to a redundant environment we can't be sure that the EJBs "live" in the same JVM than the web classes.
Peter Storch
Ranch Hand

Joined: Jun 12, 2003
Posts: 74
Originally posted by Lasse Koskela:
If you don't want to or you can't use the local interface approach, I think your options come down to a) deploying a firewall, and b) EJB security.

a)
I don't think a firewall can be deployed between two .ear in one Appserver, can it? Or do you think of a programatic firewall in our EJBs?
b)
How is that done? How can I configure EJB security, so EBJs within one .ear are freely acessible but not all EJB from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
I don't think a firewall can be deployed between two .ear in one Appserver, can it?

True, I forgot the requirement for preventing access from .ears on the same server...
How is that done? How can I configure EJB security, so EBJs within one .ear are freely acessible but not all EJB from the outside?
Do I have to invent a technical user for the other .ear applications to access my EJBs?

That's what I envisioned. Creating a user/role such as "WithinSameApplication". Of course that's still a "soft" restriction because external applications can connect if they know the username/password...
 
Consider Paul's rocket mass heater.
 
subject: Protecting EJBs for public use
 
Similar Threads
A newbie j2ee question
Learning new technologies
Very Basic Question in EJb
This weeks book Giveaway:
Webserver Vs Application Server