I have various EJBs on a J2EE-server, with different security roles.
我在J2EE服务器上有各种EJB,具有不同的安全角色。
Now, from a Java Swing client application, when I log the user on to the server, I would like to discover which of these EJBs that are accessible to the user, without actually trying to create them or invoke them.
现在,从Java Swing客户端应用程序,当我将用户登录到服务器时,我想要发现用户可以访问哪些EJB,而不是实际尝试创建它们或调用它们。
The reason I want to do this is to adjust the user interface depending on which EJBs are available.
我想这样做的原因是根据可用的EJB调整用户界面。
For instance, if the "AdministerMetadata" EJB is usable by the current user, I want to display a menu option for administering metadata etc.
例如,如果当前用户可以使用“AdministerMetadata”EJB,我想显示用于管理元数据等的菜单选项。
It is acceptable for me to query from a predefined list of known EJBs within the client, so I dont need it to be totally dynamic that way.
我可以从客户端内的已知EJB的预定义列表中进行查询,因此我不需要它是完全动态的。
I dont want to create a special EJB to just return this access-information, and I want to avoid having to try to call methods and catch Exceptions to do the discovery.
我不想创建一个特殊的EJB来返回这个访问信息,我想避免不得不尝试调用方法并捕获异常来进行发现。
I am planning on using the solution on JBoss, but would prefer a standard solution if possible.
我打算在JBoss上使用该解决方案,但如果可能的话,我更愿意使用标准解决方案。
Is this possible? If so how?
这可能吗?如果是这样的话?
1 个解决方案
#1
As far as I know there is nothing in J2EE which would provide you this information at the client side. Even at the server side EJBContext will give you just the roles the caller owns as well as the caller's principal (e.g. login name).
据我所知,J2EE中没有任何内容可以在客户端为您提供此信息。即使在服务器端,EJBContext也只会给你调用者拥有的角色以及调用者的主体(例如登录名)。
I see no other way than to have an extra Session Bean which you can query on the client side and which will inspect the EJBContext on the server side to tell the client which roles the current user owns.
除了拥有一个可以在客户端查询的额外会话Bean之外,我没有别的办法,它会检查服务器端的EJBContext,告诉客户端当前用户拥有哪些角色。
#1
As far as I know there is nothing in J2EE which would provide you this information at the client side. Even at the server side EJBContext will give you just the roles the caller owns as well as the caller's principal (e.g. login name).
据我所知,J2EE中没有任何内容可以在客户端为您提供此信息。即使在服务器端,EJBContext也只会给你调用者拥有的角色以及调用者的主体(例如登录名)。
I see no other way than to have an extra Session Bean which you can query on the client side and which will inspect the EJBContext on the server side to tell the client which roles the current user owns.
除了拥有一个可以在客户端查询的额外会话Bean之外,我没有别的办法,它会检查服务器端的EJBContext,告诉客户端当前用户拥有哪些角色。