Re: MEJB Question
I also expected it to do the same. Is there a test for this? Thanks Anita --- David Blevins [EMAIL PROTECTED] wrote: On Sep 25, 2007, at 8:44 AM, Anita Kulshreshtha wrote: Right now I am stuck at this: @RolesAllowed({a, b}) public class . { @RolesAllowed(b) { public .. dosomething() { } } Does this prevent 'a' from accessing dosomething()? Yes. See http://openejb.apache.org/security-annotations.html -David Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
Re: MEJB Question
--- David Jencks [EMAIL PROTECTED] wrote: On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote: I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? no :-) I've been wondering if we should try to separate mejb security from other security somehow and thought perhaps we should use a GeronimoGroupPrincipal named mejb or mejb-admin. I think this would make it easier to e.g. give someone access to the web console but not the mejb or vice-versa. If we wanted to be even fancier we could try mejb-read and mejb-write. This is a good idea. MEJB will have two roles: mejbuser (read only) and mejbadmin (read write). One option is to map mejbuser to admin and mejbadmin to mejb-admin. The 'admin' already has access to most of the info via jmx. For the sake of simplicity we could still ship with only admin group and require that mejb-admin be created to get write access to mejb. Should we restric access to JMXViewer also? Would this improve modularity or just create more difficult configuration? Right now I am stuck at this: @RolesAllowed({a, b}) public class . { @RolesAllowed(b) { public .. dosomething() { } } Does this prevent 'a' from accessing dosomething()? Thanks Anita thanks david jencks Thanks Anita --- Anita Kulshreshtha [EMAIL PROTECTED] wrote: Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita __ __ Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433 __ __ Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase. http://farechase.yahoo.com/
Re: MEJB Question
On Sep 24, 2007, at 3:03 PM, David Jencks wrote: On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote: I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? no :-) I've been wondering if we should try to separate mejb security from other security somehow and thought perhaps we should use a GeronimoGroupPrincipal named mejb or mejb-admin. I think this would make it easier to e.g. give someone access to the web console but not the mejb or vice-versa. If we wanted to be even fancier we could try mejb-read and mejb-write. Would this improve modularity or just create more difficult configuration? I'm not sure about improving modularity, but it seems useful. I'd definitely advocate an mejb-specific group. Separation of read/write selectivity seems less important and, I would assume, harder to do... --kevan
Re: MEJB Question
On Sep 25, 2007, at 8:44 AM, Anita Kulshreshtha wrote: Right now I am stuck at this: @RolesAllowed({a, b}) public class . { @RolesAllowed(b) { public .. dosomething() { } } Does this prevent 'a' from accessing dosomething()? Yes. See http://openejb.apache.org/security-annotations.html -David
Re: MEJB Question
On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote: I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? no :-) I've been wondering if we should try to separate mejb security from other security somehow and thought perhaps we should use a GeronimoGroupPrincipal named mejb or mejb-admin. I think this would make it easier to e.g. give someone access to the web console but not the mejb or vice-versa. If we wanted to be even fancier we could try mejb-read and mejb-write. Would this improve modularity or just create more difficult configuration? thanks david jencks Thanks Anita --- Anita Kulshreshtha [EMAIL PROTECTED] wrote: Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita __ __ Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433 __ __ Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz
Re: MEJB Question
I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? Thanks Anita --- Anita Kulshreshtha [EMAIL PROTECTED] wrote: Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433 Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz
MEJB Question
Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433
Re: MEJB question
Thanks David...I'll give it a shot. John David Jencks wrote: On Jan 17, 2005, at 2:38 PM, John Childs wrote: Hi All, I was wondering about the MEJB class which is in the j2ee module. Specifically, do you have any suggestions on how I could expose this to play around with it a bit? It looks like it's kind of a hybrid gbean and ejb. Yes indeed. I think your best bet right now is to deploy it as a gbean and then from a j2ee component do something like this: Kernel kernel = Kernel.getSingelKernel(); //really bad method, but otherwise you need to know the kernel name ProxyManager proxyManager = kernel.getProxyManager(); //this method is not guaranteed to be there forever Management mejb = (Mananagement)proxyManager.createProxy(MEJB_OBJECT_NAME, Management.class); try { /play with it } finally { proxyManager.destroyProxy(mejb); } It might not take that much more work to deploy it as a local ejb. I don't know what state remote notifications are in at the moment so I doubt it would be so easy to access it remotely. AFAIK this is 100% untested code so I'd be interested in knowing how far you get. thanks david jencks john __ Post your free ad now! http://personals.yahoo.ca