EJB object level security

 
Stefan Müller
Greenhorn
Posts: 12
Hi *,
I'm trying to implement object-level security for my EJB application. It basically stores objects and performs several actions to the objects. What I need to do is allow only certain users to perform certain actions to certain object instances. From my point of view, this is not possible using the EJB security mechanism because this restricts the users only to certain actions regardless of the object being passed.
Let's give an example:

A user in role "sales" should be able to update only orders which were created in his department. Currently, I can only restrict access to the updateOrder()-method.
My idea would be to assign a role not only to the user but also to the object instance (role could be the department in this case) and only if the user-role matches the object-role, he'll be able to perform actions to the object. Is there any native support in EJB for something like this?

- stefan
 
Paul Sturrock
Bartender
Posts: 10336
Stefan Randsomething, please check your private messages.
 
Bill Shirley
Ranch Hand
Posts: 457
Totally doable.

EJB 3.0

I'd even put this code in an interceptor as to not sully the purity of the session bean code. But, to each his own.

(Chapter 17: Security, p422: Programmatic Security, Enterprise JavaBeans 3.0, Burke & Monson-Haefel, O'Reilly)

[ June 25, 2008: Message edited by: Bill Shirley ]
 
Stefan Müller
Greenhorn
Posts: 12
Okay, clear, that was my idea also to put additional security checking in an interceptor. The question is if that is the way with best performance. If anyone has other suggestions, go ahead...
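The interceptor approach discussed in this thread, sketched as an added example (not code from any of the posts above). `Order`, `DepartmentGuard` and the convention that department names double as security role names are assumptions made for illustration:

```java
import javax.annotation.Resource;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.PersistenceContext;
import javax.persistence.Table;

// Hypothetical entity: "department" plays the part of the object's role.
@Entity
@Table(name = "ORDERS")
class Order {
    @Id private Long id;
    private String department;
    public Long getId() { return id; }
    public String getDepartment() { return department; }
}

// Hypothetical interceptor. Attach it to update-style methods such as
// updateOrder() with @Interceptors(DepartmentGuard.class). The bean must list
// the department roles in @DeclareRoles so isCallerInRole() can resolve them.
public class DepartmentGuard {
    @Resource private SessionContext ctx;          // caller identity and roles
    @PersistenceContext private EntityManager em;

    @AroundInvoke
    public Object check(InvocationContext ic) throws Exception {
        for (Object arg : ic.getParameters()) {
            if (!(arg instanceof Order)) continue;
            Long id = ((Order) arg).getId();
            // Decide on the stored row, not on the instance the client sent:
            // a caller could otherwise fill in the department field itself.
            Order stored = (id == null) ? null : em.find(Order.class, id);
            if (stored == null || stored.getDepartment() == null
                    || !ctx.isCallerInRole(stored.getDepartment())) {
                throw new EJBAccessException("Caller "
                        + ctx.getCallerPrincipal().getName()
                        + " may not modify order " + id);
            }
        }
        return ic.proceed();   // check passed: run the business method
    }
}
```

The guard denies by default, so an order that does not exist yet or has no department is rejected; creation methods need their own rule. The lookup runs in the same transaction as the business method.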
 