Comments inline.
----- Original Message -----
From: "Armin Michel" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Friday, May 04, 2001 10:50 AM
Subject: Re: custom finder in CMPs
> On Friday 04 May 2001 14:44, you wrote:
> > Commonly, developers build a Stateless Session EJB "facade" through
which
> > all access to Entity EJBs is accomplished. If you were to employ such a
> > pattern, the method of this "facade" that invokes the CMP finder in
> > question would be an appropriate place to manipulate the results before
> > returning them to the client. Have a look around www.theserverside.com
for
> > lots of information and discussions of EJB module design.
>
> The facade-approach is no option, because someone could bypass that facade
> and use the home interface directly. (Everybody must be able to access my
> JNDI - thus everybody has access to the Home-Interfaces too).
Something interesting to try would be to limit access to the Entity Home
Interface methods to a particular Role which the facade raises by
programmatically logging in. In other words, clients would access the facade
SLSB using a different Role than that which is permitted to access the
Entities, and the SLSB would use RoleManager.login() to raise the Role that
can access the Entities. If this would work, would it allay your concerns?
> It would be cool, if I could hook the cmp-finder-Method in some way. Is
that
> possible? Such a callback-solution would solve my problem.
I believe the EJB2.0 spec will introduce the notion of custom home interface
methods. I don't think Orion supports this yet, though.
P.Pontbriand
Canlink Interactive Technologies
