[jboss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only
j2ee_junkie
do-not-reply at jboss.com
Mon Jul 24 13:17:07 EDT 2006
adogg,
I am sure you can not add security role restrictions on a non-EJB3 class. Since the interface is not either a stateless/statefull session bean or a message driven bean, it is not a true EJB3 object. As such you can not add security restrictions.
I would suggest you place the restrictions on methods of the bean class. Provide two implementations of the method (or call one from the other with run-as) then place a restriction on one method. Finally, put the restricted version in remote interface, and the non-restricted in local interface.
cgriffith
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960473#3960473
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3960473
More information about the jboss-user
mailing list