Re: MEJB Question
I also expected it to do the same. Is there a test for this?
Thanks
Anita
--- David Blevins [EMAIL PROTECTED] wrote:
On Sep 25, 2007, at 8:44 AM, Anita Kulshreshtha wrote:
Right now I am stuck at this:
@RolesAllowed({a, b})
public class . {
@RolesAllowed(b) {
public .. dosomething() {
}
}
Does this prevent 'a' from accessing dosomething()?
Yes. See http://openejb.apache.org/security-annotations.html
-David
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel
and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
Re: MEJB Question
--- David Jencks [EMAIL PROTECTED] wrote:
On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote:
I am leaning towards deploying MEJB as an EJBModule. To auto
deploy
this I will be adding an mejb config. Are there any objections?
no :-)
I've been wondering if we should try to separate mejb security from
other security somehow and thought perhaps we should use a
GeronimoGroupPrincipal named mejb or mejb-admin. I think this would
make it easier to e.g. give someone access to the web console but not
the mejb or vice-versa. If we wanted to be even fancier we could try
mejb-read and mejb-write.
This is a good idea. MEJB will have two roles: mejbuser (read only)
and mejbadmin (read write). One option is to map mejbuser to admin and
mejbadmin to mejb-admin. The 'admin' already has access to most of the
info via jmx. For the sake of simplicity we could still ship with only
admin group and require that mejb-admin be created to get write
access to mejb.
Should we restric access to JMXViewer also?
Would this improve modularity or just create more difficult
configuration?
Right now I am stuck at this:
@RolesAllowed({a, b})
public class . {
@RolesAllowed(b) {
public .. dosomething() {
}
}
Does this prevent 'a' from accessing dosomething()?
Thanks
Anita
thanks
david jencks
Thanks
Anita
--- Anita Kulshreshtha [EMAIL PROTECTED] wrote:
Is there a reason for not deploying MEJB as an application and
hard
coding it in g-openejb?
Thanks
Anita
__
__
Be a better Heartthrob. Get better relationship answers from
someone
who knows. Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=listsid=396545433
__
__
Luggage? GPS? Comic books?
Check out fitting gifts for grads at Yahoo! Search
http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz
Looking for a deal? Find great prices on flights and hotels with Yahoo!
FareChase.
http://farechase.yahoo.com/
Re: MEJB Question
On Sep 24, 2007, at 3:03 PM, David Jencks wrote: On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote: I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? no :-) I've been wondering if we should try to separate mejb security from other security somehow and thought perhaps we should use a GeronimoGroupPrincipal named mejb or mejb-admin. I think this would make it easier to e.g. give someone access to the web console but not the mejb or vice-versa. If we wanted to be even fancier we could try mejb-read and mejb-write. Would this improve modularity or just create more difficult configuration? I'm not sure about improving modularity, but it seems useful. I'd definitely advocate an mejb-specific group. Separation of read/write selectivity seems less important and, I would assume, harder to do... --kevan
Re: MEJB Question
On Sep 25, 2007, at 8:44 AM, Anita Kulshreshtha wrote:
Right now I am stuck at this:
@RolesAllowed({a, b})
public class . {
@RolesAllowed(b) {
public .. dosomething() {
}
}
Does this prevent 'a' from accessing dosomething()?
Yes. See http://openejb.apache.org/security-annotations.html
-David
Re: MEJB Question
On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote: I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? no :-) I've been wondering if we should try to separate mejb security from other security somehow and thought perhaps we should use a GeronimoGroupPrincipal named mejb or mejb-admin. I think this would make it easier to e.g. give someone access to the web console but not the mejb or vice-versa. If we wanted to be even fancier we could try mejb-read and mejb-write. Would this improve modularity or just create more difficult configuration? thanks david jencks Thanks Anita --- Anita Kulshreshtha [EMAIL PROTECTED] wrote: Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita __ __ Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433 __ __ Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz
Re: MEJB Question
I am leaning towards deploying MEJB as an EJBModule. To auto deploy this I will be adding an mejb config. Are there any objections? Thanks Anita --- Anita Kulshreshtha [EMAIL PROTECTED] wrote: Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433 Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz
MEJB Question
Is there a reason for not deploying MEJB as an application and hard coding it in g-openejb? Thanks Anita Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545433
Re: MEJB question
Thanks David...I'll give it a shot.
John
David Jencks wrote:
On Jan 17, 2005, at 2:38 PM, John Childs wrote:
Hi All,
I was wondering about the MEJB class which is in the
j2ee module. Specifically, do you have any
suggestions on how I could expose this to play around
with it a bit? It looks like it's kind of a hybrid
gbean and ejb.
Yes indeed.
I think your best bet right now is to deploy it as a gbean and then from
a j2ee component do something like this:
Kernel kernel = Kernel.getSingelKernel(); //really bad method, but
otherwise you need to know the kernel name
ProxyManager proxyManager = kernel.getProxyManager(); //this method is
not guaranteed to be there forever
Management mejb =
(Mananagement)proxyManager.createProxy(MEJB_OBJECT_NAME, Management.class);
try {
/play with it
} finally {
proxyManager.destroyProxy(mejb);
}
It might not take that much more work to deploy it as a local ejb. I
don't know what state remote notifications are in at the moment so I
doubt it would be so easy to access it remotely.
AFAIK this is 100% untested code so I'd be interested in knowing how far
you get.
thanks
david jencks
john
__
Post your free ad now! http://personals.yahoo.ca
