Hello,
Please bear with me while I try to explain my question. I don't
understand the J2EE security mechanism as well as I should. Here's what
I want to do.
In the client application, I want to provide a user interface for
invoking some methods on an EJB. Say, the client application renders an
entity bean and there is a method public void reset() on the entity
bean. I want to enable or disable a menu item based on whether the
current user is authorized to invoke the method. From what I
understand, upon deployment users are assigned to roles and roles
authorized to invoke methods. Is there a way for the client application
to establish whether the current user is able to invoke the method? I
can get the current user from the InitialContext as
(Principal)getContext().getEnvironment().get("java.naming.security.principal").
Right? Can I somehow do the equivalent of Principal.canInvoke
("SessionBean.methodName")?
I'm not sure whether the question is even reasonable. However, there
must be a way for the client application's UI to dynamically adjust
itself based on the deployment security criteria. Or am I confused
about something basic?
Thanks,
Vidur
PS. If possible, please cc me.