> According to the requirements, we should allow the User to create roles dynamically
> (something like a CREATE ROLE in Oracle). So, what we were planning was to define and
> document a set of Permissions and their meaning. The user could then give a role name
> and check all the permissions applicable for that role.
>
> How is this possible using EJBs?

If you need that level of control, I would suggest that you don't rely
on the deployment descriptor or built-in security. I would suggest that
you layer all your beans with a security layer that checks this for each
invocation. For example, if you have a bean XBean you would extend it
with XACLBean and have methods like:
public void doSomething()
{
  // Check the caller against the ACL before delegating to the real bean method
  if (!checkAcl("XBean", "doSomething", ctx.getCallerPrincipal().getName()))
    throw new SecurityException("You may not call this method");

  super.doSomething();
}

By doing this you add the security features on top of your main EJBs,
and you have complete control over how checkAcl is implemented. The
above functionality should be generated automatically. If you want you
can use my CodeGenerator tools to do that (see
http://www.dreambean.com/codegen.html).

/Rickard

--
Rickard Öberg

@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.dreambean.com
Question reality
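
One way the checkAcl call in the reply above could be backed by roles created at run time, as an added example that is not part of the original message or of the CodeGenerator tools. The class AclRegistry, its methods createRole and assignRole, the "Bean.method" permission format and the in-memory store are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory ACL store; a real deployment would persist roles and grants.
public class AclRegistry {
    // role name -> permissions, each written as "Bean.method" (assumed format)
    private final Map<String, Set<String>> rolePermissions = new ConcurrentHashMap<>();
    // principal name -> names of the roles assigned to it
    private final Map<String, Set<String>> principalRoles = new ConcurrentHashMap<>();

    // Counterpart of CREATE ROLE: define a role at run time from documented permissions.
    public void createRole(String role, Set<String> permissions) {
        Set<String> copy = ConcurrentHashMap.newKeySet();
        copy.addAll(permissions);
        rolePermissions.put(role, copy);
    }

    // Refuse to assign a role that was never created, so typos cannot grant anything.
    public void assignRole(String principal, String role) {
        if (!rolePermissions.containsKey(role))
            throw new IllegalArgumentException("Unknown role: " + role);
        principalRoles.computeIfAbsent(principal, p -> ConcurrentHashMap.newKeySet()).add(role);
    }

    // Default deny: access is granted only if some assigned role lists the permission.
    public boolean checkAcl(String bean, String method, String principal) {
        if (bean == null || method == null || principal == null) return false;
        String needed = bean + "." + method;
        for (String role : principalRoles.getOrDefault(principal, Set.of())) {
            Set<String> perms = rolePermissions.get(role);
            if (perms != null && perms.contains(needed)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        AclRegistry acl = new AclRegistry();
        acl.createRole("clerk", Set.of("XBean.doSomething"));   // constructed sample role
        acl.assignRole("alice", "clerk");                       // constructed sample user
        System.out.println(acl.checkAcl("XBean", "doSomething", "alice")); // alice holds clerk
        System.out.println(acl.checkAcl("XBean", "doSomething", "bob"));   // bob has no role
        System.out.println(acl.checkAcl("XBean", "remove", "alice"));      // not in clerk
    }
}
```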
