I'm trying to integrate a third-party security product that allows rules
like "can only call methodX on objectY between 9:00 am and 5:00 pm". It
ties into Weblogic and WebSphere cleanly, but does not have a way to get
into orion. What I would like to be able to do is either:
1) setup my ejb-jar.xml file to point to a Dynamic Proxy class that
could do the security checks before forwarding the call on to the real class
2) or somehow override the wrappers that orion generates with my own
code.
Does anyone know of a way to do this? I can see the java code orion creates
for the wrappers (RemoteInterfaceName_StatelessSessionBeanWrapperXXX.java.)
That would be a perfect place to place the code if it was allowed. It looks
like it uses a class "com.evermind.server.RuntimeSecurityRole" to test
whether the call is allowed or not. I could probably hack this class and
override the logic, but I would think there would be a legitimate way of
accomplishing this.
