0

our project has a very detailed authorization pattern

so i had to implement my own JACC provider.

now i have a problem with EJB security.

i have an EJB method and i want to limit access to it based

on its argument values

for example consider the delete(String arg1) EJB method

i want a user be able to run it with arg1=='something'

and be not able to run it otherwise

how could i access to method's argument values?

thanks

Arjan Tijms
  • 36,666
  • 12
  • 105
  • 134
arash
  • 927
  • 1
  • 13
  • 30

1 Answers1

1

Have you taken a look at EJB interceptors? They have full access to the method's parameters and return value, and can decide to let the call pass through or block it.

Mike Braun
  • 3,676
  • 13
  • 14
  • thank you, i have looked at them, they are very useful. i have tried to check permission in interceptor class, but i don't know how to do it exactly, i have defined a new type of permission(including parameter values), but i don't know how to pass it to JACC provider for checking. could you please help me about this? thanks – arash Jan 08 '12 at 12:14
  • I'm sorry, I know about interceptors but I know nearly nothing about how to access JACC. – Mike Braun Jan 08 '12 at 15:57