davout
As a newbie to EJB apps I can see that roles may be applied to bean level
methods to allow the container to manage entity class level permissions.
But what happens if you want to apply access control permissions to
individual instances of a class? For instance I have a session bean that
provides add/delete/update methods on currency rates for different
currencies.

interface CurrencyRateManager {
    public void updateRate(String aCurrencyCode, double aRate);
}

The standard EJB mechanism allows me to set a role against the 'update'
method, but this doesn't distinguish between what currency is being changed.
For example how would I apply security controls at a method level that only
allowed 'joe' to update 'Yen' rates and 'fred' to update 'dollar' rates?
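
An added example, not part of the original post: a per-currency check done in code inside updateRate, since a declarative role on the method cannot see the aCurrencyCode argument. The class name, the policy map, the currency codes "JPY" and "USD", and passing the caller as a parameter are assumptions made so it runs outside a container; inside a bean the caller would come from EJBContext.getCallerPrincipal().

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class CurrencyRateManagerBean {
    // Constructed sample policy: currency code -> user names allowed to update it.
    // A real deployment would load this from a database or policy store.
    private final Map<String, Set<String>> updaters = Map.of(
            "JPY", Set.of("joe"),
            "USD", Set.of("fred"));
    private final Map<String, Double> rates = new ConcurrentHashMap<>();

    // The caller is a parameter here (assumption); in an EJB it would be
    // obtained from the injected context via getCallerPrincipal().
    public void updateRate(Principal caller, String aCurrencyCode, double aRate) {
        if (caller == null || caller.getName() == null || aCurrencyCode == null) {
            throw new SecurityException("missing caller or currency code");
        }
        // Deny by default: a currency with no policy entry has no updaters.
        Set<String> allowed = updaters.getOrDefault(aCurrencyCode, Set.of());
        if (!allowed.contains(caller.getName())) {
            throw new SecurityException(
                    caller.getName() + " may not update " + aCurrencyCode);
        }
        // Validate only after authorization, so unauthorized callers learn nothing.
        if (!(aRate > 0) || Double.isInfinite(aRate)) {
            throw new IllegalArgumentException("rate must be a positive finite number");
        }
        rates.put(aCurrencyCode, aRate);
    }

    public static void main(String[] args) {
        CurrencyRateManagerBean bean = new CurrencyRateManagerBean();
        Principal joe = () -> "joe";   // Principal has one abstract method, getName()
        Principal fred = () -> "fred";
        bean.updateRate(joe, "JPY", 0.0067);   // allowed by the sample policy
        bean.updateRate(fred, "USD", 1.0);     // allowed by the sample policy
        try {
            bean.updateRate(joe, "USD", 2.0);  // same method, different instance
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println("rates: " + bean.rates);
    }
}
```

The method-level role still belongs on updateRate as the coarse gate; the check above only narrows it to the instance being changed.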