BEA Home  |  Events  |  Solutions  |  Partners  |  Products  |  Services  |  Download  |  Developer Center  |  WebSUPPORT
	http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   Download Documentation   |   Contact   |   Glossary
|     WebLogic Server Doc Home   |     Programming WebLogic EJB   |   Previous Topic   |   Next Topic   |   Contents   |   View as PDF

Configuring Security in EJBs

You can secure EJBs by restricting access to them. To restrict access to specified EJBs, apply security constraints to them.

Configuring Security Constraints

To figure security constraints, follow these steps:

1. Follow the directions in weblogic\examples\ejb\basic\containerManaged\index.html to set your environment.

2. Add the following to the bottom of the session stanza for the bean, after <transaction-type>:

   <security-role-ref>
   	<role-name>admin</role-name>
   	<role-link<admin</role-link>
   </security-role-ref>
   

3. Add the following to your ejb-jar.xml at the top of the <assembly-descriptor> stanza to specify which roles have access to your EJB methods:

   <security-role> 
   <description></description> 
   	<role-name>admin</role-name> 
   </security-role> 
   <method-permission> 
   	<role-name>admin</role-name> 
   	<method> 
   			<ejb-name>containerManaged</ejb-name> 
   		<method-name>*</method-name> 
   	</method> 
   </method-permission> 
   

4. Add the following to your weblogic-ejb-jar.xml at the end of the weblogic-ejb-jar stanza to map the role name to specific users and groups in your security realm:

   <security-role-assignment> 
   	<role-name>admin</role-name> 
   			<principal-name>Accounting Managers</principal-name> 
   		<principal-name>HR Managers</principal-name> 
   		<principal-name>system</principal-name> 
   </security-role-assignment> 
   

Note: Note that principals can be either users or groups in your security realm.

1. Use the build script to rebuild the bean.

Note: If something concerning EJBs was fixed in a service pack, you will need to add the service pack jar file to the front of the classpath in the build script in order to take advantage of the fix.

1. Modify the Client.java to use user and credential when programming the InitialContext.

2. Run the client by invoking this command:

   java examples.ejb.basic.containerManaged.Client "t3://WebLogicURL:Port" user password

   Parameters are optional, but if any are supplied, they are interpreted in this order:

   1. url - URL such as "t3://localhost:7001" of Server user

   2. user - User name, default null

   3. password - User password, default null accountID - String Account ID to test, default "10020"