From: David G. <gr...@co...> - 2001-06-23 19:21:08
|
Forgive me if this is a no-brainer for you guys, but I've read all kinds of books on EJB and have yet to find an answer for this... From what I've learned of security in EJB, if one EJB calls a method on another EJB, the Principal of the original call is propagated to the second one. This seems problematic to me. For example, lets say we have an entity bean called EBean, and a session bean called SBean, and a user named John. John calls a method on SBean, which calls a method on EBean. If John does not have access to that method on EBean, the call on SBean will eventually fail, right? So in order for John to call the method on SBean, he has to have access to the methods that SBean calls on EBean as well. Well, if he has access, then he can call those methods on EBean directly. But what if want to force him to go through your session beans rather than use the Entity beans to manipulate data directly? By utilizing his access to EBean, he could destroy the integrity of a relational database, right? EJB 1.0, I read, has a "runas" attribute in it's deployment descriptor which was removed in EJB 1.1? It seems that this would be the solution to the problem, _if_ it still existed in 1.1. Then you just allow access to your Entity beans from a role named "internal", then have your deployed beans assume that "internal" role, thus giving deployed beans, but noone else, access to internal resources such as entity beans. If anyone has an answer to this, I'd be greatly appreciative. Thanks! David Green |