Implement clases conforming to the EJBUserManager API and overide the permission checking methods with logic that does that kind of checking ... then deploy like so: http://www.orionsupport.com/articles/ejbusermanager.html
Justin -----Original Message----- From: Pletka, John [mailto:[EMAIL PROTECTED]] Sent: 13 May 2002 09:25 PM To: Orion-Interest Subject: Dynamic Proxies for remote interface wrapper? I'm trying to integrate a third-party security product that allows rules like "can only call methodX on objectY between 9:00 am and 5:00 pm". It ties into Weblogic and WebSphere cleanly, but does not have a way to get into orion. What I would like to be able to do is either: 1) setup my ejb-jar.xml file to point to a Dynamic Proxy class that could do the security checks before forwarding the call on to the real class 2) or somehow override the wrappers that orion generates with my own code. Does anyone know of a way to do this? I can see the java code orion creates for the wrappers (RemoteInterfaceName_StatelessSessionBeanWrapperXXX.java.) That would be a perfect place to place the code if it was allowed. It looks like it uses a class "com.evermind.server.RuntimeSecurityRole" to test whether the call is allowed or not. I could probably hack this class and override the logic, but I would think there would be a legitimate way of accomplishing this.