|
Home > Archive > WebSphere Application Server > September 2005 > overloaded method differentiation doesn't work in ejb-jar.xml?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
overloaded method differentiation doesn't work in ejb-jar.xml?
|
|
| Mika Moilanen 2005-09-28, 2:51 am |
|
Hello All!
WebSphere is version 6 on Linux.
I have problems with J2EE Security (method permissions) and overloaded
methods. I have the following sample ejb-jar.xml:
-----------------------------------------------
| |
| Paul Ilechko 2005-09-28, 6:04 pm |
| Mika Moilanen wrote:
> Hello All!
>
> WebSphere is version 6 on Linux.
>
> I have problems with J2EE Security (method permissions) and overloaded
> methods. I have the following sample ejb-jar.xml:
>
> -----------------------------------------------
> .
> .
> .
> <security-role-ref>
> <role-name>developer</role-name>
> <role-link>developer</role-link>
> </security-role-ref>
> </session>
> </enterprise-beans>
>
> <assembly-descriptor>
> <security-role>
> <role-name>developer</role-name>
> </security-role>
>
> <method-permission>
> <role-name>developer</role-name>
> <method>
> <ejb-name>FooEJB</ejb-name>
> <method-intf>Remote</method-intf>
> <method-name>list</method-name>
> </method>
> </method-permission>
>
> </assembly-descriptor>
> </ejb-jar>
> -----------------------------------------------
>
> This is fine, except that FooEJB has also an overloaded "void
> list(int)" method, which can be called by authenticated user...Is
> there something wrong in my ejb-jar.xml, or is it simply somewthing I
> haven't understood?
Try reading the EJB specification. It describes clearly how to address
overloaded methods using <method-param> elements.
| |
| Randy Schnier 2005-09-28, 6:04 pm |
| Mika,
Your xml file is syntactially correct, but it says for the "developer"
permission to apply to any method on the Remote interface that is named
"list", regardless of signature. (Sometimes this is the desired
behavior.) If you want the permission to apply to just a particular
signature of that method, there's another xml stanza(s) you need to
supply: <method-param>. The contents of that stanza(s) define the
method signature you want. The syntax for how to specify the arg types
is somewhat interesting  but it's not too bad. It's defined in the
EJB spec, in the "deployment descriptor XML schema" section (page 541 of
the EJB 2.1 spec). Since this is something that's not in a lot of "how
to write EJBs" books, I've included a snippet below that should get you
going. You're doing a "style 3" entry.
Just curious, where did you find info on how to use the method-name
stanza? Typically where that's discussed, it also goes next into the
method-param description.
------------------------------
Examples:
Style 1: The following method element refers to all the
methods of the EmployeeService bean’s home, component,
and/or web service endpoint interfaces:
<method>
<ejb-name>EmployeeService</ejb-name>
<method-name>*</method-name>
</method>
Style 2: The following method element refers to all the
create methods of the EmployeeService bean’s home
interface(s).
<method>
<ejb-name>EmployeeService</ejb-name>
<method-name>create</method-name>
</method>
Style 3: The following method element refers to the
create(String firstName, String LastName) method of the
EmployeeService bean’s home interface(s).
<method>
<ejb-name>EmployeeService</ejb-name>
<method-name>create</method-name>
<method-params>
<method-param>java.lang.String</method-param>
<method-param>java.lang.String</method-param>
</method-params>
</method>
The following example illustrates a Style 3 element with
more complex parameter types. The method
foobar(char s, int i, int[] iar, mypackage.MyClass mycl,
mypackage.MyClass[][] myclaar) would be specified as:
<method>
<ejb-name>EmployeeService</ejb-name>
<method-name>foobar</method-name>
<method-params>
<method-param>char</method-param>
<method-param>int</method-param>
<method-param>int[]</method-param>
<method-param>mypackage.MyClass</method-param>
<method-param>mypackage.MyClass[][]</method-param>
</method-params>
</method>
Mika Moilanen wrote:
> Hello All!
>
> WebSphere is version 6 on Linux.
>
> I have problems with J2EE Security (method permissions) and overloaded
> methods. I have the following sample ejb-jar.xml:
>
> -----------------------------------------------
> .
> .
> .
> <security-role-ref>
> <role-name>developer</role-name>
> <role-link>developer</role-link>
> </security-role-ref>
> </session>
> </enterprise-beans>
>
> <assembly-descriptor>
> <security-role>
> <role-name>developer</role-name>
> </security-role>
>
> <method-permission>
> <role-name>developer</role-name>
> <method>
> <ejb-name>FooEJB</ejb-name>
> <method-intf>Remote</method-intf>
> <method-name>list</method-name>
> </method>
> </method-permission>
>
> </assembly-descriptor>
> </ejb-jar>
> -----------------------------------------------
>
> This is fine, except that FooEJB has also an overloaded "void
> list(int)" method, which can be called by authenticated user...Is
> there something wrong in my ejb-jar.xml, or is it simply somewthing I
> haven't understood?
| |
| Randy Schnier 2005-09-28, 6:04 pm |
| Heh...I noticed that in Richard Monson-Haefel's "Enterprise Java Beans"
books, he does cover method-param, but unfortunately he covers run-as in
between the discussion of method-name and method-param, so it's easy to
miss that there's such a thing as method-param. Go figure.
Randy Schnier wrote:[vbcol=seagreen]
> Mika,
> Your xml file is syntactially correct, but it says for the "developer"
> permission to apply to any method on the Remote interface that is named
> "list", regardless of signature. (Sometimes this is the desired
> behavior.) If you want the permission to apply to just a particular
> signature of that method, there's another xml stanza(s) you need to
> supply: <method-param>. The contents of that stanza(s) define the
> method signature you want. The syntax for how to specify the arg types
> is somewhat interesting but it's not too bad. It's defined in the
> EJB spec, in the "deployment descriptor XML schema" section (page 541 of
> the EJB 2.1 spec). Since this is something that's not in a lot of "how
> to write EJBs" books, I've included a snippet below that should get you
> going. You're doing a "style 3" entry.
>
> Just curious, where did you find info on how to use the method-name
> stanza? Typically where that's discussed, it also goes next into the
> method-param description.
>
> ------------------------------
>
> Examples:
>
> Style 1: The following method element refers to all the
> methods of the EmployeeService bean’s home, component,
> and/or web service endpoint interfaces:
> <method>
> <ejb-name>EmployeeService</ejb-name>
> <method-name>*</method-name>
> </method>
>
> Style 2: The following method element refers to all the
> create methods of the EmployeeService bean’s home
> interface(s).
> <method>
> <ejb-name>EmployeeService</ejb-name>
> <method-name>create</method-name>
> </method>
>
> Style 3: The following method element refers to the
> create(String firstName, String LastName) method of the
> EmployeeService bean’s home interface(s).
> <method>
> <ejb-name>EmployeeService</ejb-name>
> <method-name>create</method-name>
> <method-params>
> <method-param>java.lang.String</method-param>
> <method-param>java.lang.String</method-param>
> </method-params>
> </method>
>
> The following example illustrates a Style 3 element with
> more complex parameter types. The method
> foobar(char s, int i, int[] iar, mypackage.MyClass mycl,
> mypackage.MyClass[][] myclaar) would be specified as:
> <method>
> <ejb-name>EmployeeService</ejb-name>
> <method-name>foobar</method-name>
> <method-params>
> <method-param>char</method-param>
> <method-param>int</method-param>
> <method-param>int[]</method-param>
> <method-param>mypackage.MyClass</method-param>
> <method-param>mypackage.MyClass[][]</method-param>
> </method-params>
> </method>
>
>
> Mika Moilanen wrote:
>
| |
| Mika Moilanen 2005-09-29, 2:56 am |
| >>>>> "Mika" == Mika Moilanen <mikmoila@shire.ntc.nokia.com> writes:
Mika> Hello All!
Mika> WebSphere is version 6 on Linux.
Mika> I have problems with J2EE Security (method permissions) and overloaded
Mika> methods. I have the following sample ejb-jar.xml:
Thank you for all for the good answers! The problem is that I'm
already using <method-params> to differentiate between overloaded
versions.
Somehow it looks like method-params doesn't have any affect, and xml
syntax has been checked with the validation tool. That is, for
example, even if I define 'list(int)' for role "Role_1":
--------------------------------------------------------
<ejb-name>FooEJB</ejb-name>
<method-intf>Remote</method-intf>
<method-name>list</method-name>
<method-params>
<method-param>int</method-param>
</method-params>
</method>
--------------------------------------------------------
....and 'list(int, int)' for "Role_2":
--------------------------------------------------------
<ejb-name>FooEJB</ejb-name>
<method-intf>Remote</method-intf>
<method-name>list</method-name>
<method-params>
<method-param>int</method-param>
<method-param>int</method-param>
</method-params>
</method>
--------------------------------------------------------
Both roles are authorised to execute *both* versions of
list-method....
| |
| Randy Schnier 2005-09-29, 6:01 pm |
| Mika,
For what it's worth...Your initial post didn't include any
<method-params> stanzas, so that's why the initial answers gave that
explanation.
If you are still seeing incorrect behavior with the <method-params>
stanzas included, it looks like there's a bug and therefore you'd want
to submit a PMR.
Mika Moilanen wrote:
>
>
> Mika> Hello All!
>
> Mika> WebSphere is version 6 on Linux.
>
> Mika> I have problems with J2EE Security (method permissions) and overloaded
> Mika> methods. I have the following sample ejb-jar.xml:
>
> Thank you for all for the good answers! The problem is that I'm
> already using <method-params> to differentiate between overloaded
> versions.
>
> Somehow it looks like method-params doesn't have any affect, and xml
> syntax has been checked with the validation tool. That is, for
> example, even if I define 'list(int)' for role "Role_1":
>
> --------------------------------------------------------
> <ejb-name>FooEJB</ejb-name>
> <method-intf>Remote</method-intf>
> <method-name>list</method-name>
> <method-params>
> <method-param>int</method-param>
> </method-params>
> </method>
> --------------------------------------------------------
>
> ...and 'list(int, int)' for "Role_2":
>
> --------------------------------------------------------
> <ejb-name>FooEJB</ejb-name>
> <method-intf>Remote</method-intf>
> <method-name>list</method-name>
> <method-params>
> <method-param>int</method-param>
> <method-param>int</method-param>
> </method-params>
> </method>
> --------------------------------------------------------
>
> Both roles are authorised to execute *both* versions of
> list-method....
>
|
|
|
|
|