[jboss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only

j2ee_junkie do-not-reply at jboss.com
Mon Jul 24 13:17:07 EDT 2006


adogg,

I am sure you can not add security role restrictions on a non-EJB3 class.  Since the interface is not either a stateless/statefull session bean or a message driven bean, it is not a true EJB3 object.  As such you can not add security restrictions.

I would suggest you place the restrictions on methods of the bean class.  Provide two implementations of the method (or call one from the other with run-as) then place a restriction on one method.  Finally, put the restricted version in remote interface, and the non-restricted in local interface.

cgriffith

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960473#3960473

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3960473



More information about the jboss-user mailing list