[jboss-dev-forums] [Design of JBoss jBPM] - Re: commands & EJB 3

[tom.baeyens@jboss.com]

"camunda" wrote : First of all: There is no EJB 3 SessionBean available, right? And because the Java 1.4 compability is still required we only can build a EJB 3 SessionBean in our own toolkit for jBPM, not the jbpm core, right?
  | 

no.  you could include them into the jbpm sources.  you just have to be very carefull not to introduce dependencies to java 5 in the current codebase.

best way to do that is to make sure that the ejb3 part is in a separate source directory.  probably in a separate sub project project.

maybe an ejb3 subproject, right underneith the jbpm.3 root ?  what do you think.   if you can give that the same layout/build structure as the other subprojects (e.g. by starting from a copy of the enterprise project), you can just go ahead and try that.  you can't do any harm by trying in a separate project ;-)

"camunda" wrote : Also we use JAAS to autheticate users (to have different groups for deploying processes, signalling, cancelling, ...). We have annotated this in our EJB 3 Bean (e.g. @RolesAllowed( {"jbpm-admin-write"}) ). How can we do that with the commands?
  | 

with commands, you definitely cannot use the annotations based security.  i think you could do it with JACC based authorization checks.  i'll have to give that a second look if that would work out.

"camunda" wrote : 
  | One really generic and easy solution which came into my mind, is just to have the Command-Class-names as roles in JAAS (ok, not so nice for the administration) and then check, if the JAAS user is in the role in the SessionBean, so the JAAS-Logic is only in the SessionBean, nowhere else.
  | 

i think we should try to see of we can embed the JACC based authorization inside of the commands.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4011999#4011999

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4011999