Because you can define multiple protected resources for each JavaBean, you can create one policy that protects the module and another policy that protects specific interfaces or methods. For example, you could create two protected resources and two policies for an EJB. The first resource and policy combination grants general access to the EJB to all the users that meet the criteria in the Authorization policy. If the EJB contains areas that only a few users should access, then you create a second protected resource and policy combination that restricts access to these resources to these users. The following sections explain this process:
In the Administration Console, click > > > .
Click and supply the following information:
Module File Name: The filename of the EJB. Specify the name of the EJB module you are protecting, including the file extension (.jar for an EJB Module).
Type: The type of application. Select for an EJB module.
Click .
To add a protected resource to the list, click , specify a display name for the EJB resource, then click .
Fill in the following fields:
EJB Name: The module name to protect. Select to protect all modules.
Interfaces: The interfaces to protect. Select one or more of the following:
Local
Local Home
Remote
Remote Home
Web Service
Method: The method to protect. Select to protect all methods.
Method Parameters: The parameters of the method to protect.
If is specified, the policy is applied to all methods listed in the field.
If the list is empty, the policy is applied only to the methods that have an empty set of parameters.
If the field contains parameter names, the policy is applied only to the methods that have the specified parameters.
Click >
On the Configuration page, click , then click > .
Continue with Section 5.3.2, Assigning an Enterprise JavaBeans Authorization Policy to a Resource.
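The Method Parameters rules above decide which overloads of a method a protected resource actually matches. The following Python model is an added example, not Novell code or part of the original guide. The ALL sentinel stands in for the console's select-all option (its label is not reproduced on this page); exact, ordered parameter comparison and the sample EJB methods and resource names are assumptions.

```python
from dataclasses import dataclass

ALL = object()  # placeholder for the console's select-all option (assumption)

@dataclass(frozen=True)
class EjbMethod:
    interface: str   # "Local", "Local Home", "Remote", "Remote Home", "Web Service"
    name: str
    params: tuple    # declared parameters, in order

@dataclass(frozen=True)
class ProtectedResource:
    display_name: str
    interfaces: frozenset
    method: object   # a method name, or ALL
    params: object   # ALL, () for an empty list, or a tuple of parameters

    def covers(self, m: EjbMethod) -> bool:
        if m.interface not in self.interfaces:
            return False
        if self.method is not ALL and self.method != m.name:
            return False
        if self.params is ALL:   # every overload of the listed method
            return True
        # Empty list -> only the no-argument overload; otherwise the
        # parameters must match (assumed: exact, ordered comparison).
        return tuple(self.params) == m.params

def coverage(resources, methods):
    """Map each method to the display names of the resources that match it."""
    return {m: [r.display_name for r in resources if r.covers(m)] for m in methods}

def uncovered(resources, methods):
    """Methods that no protected resource definition matches."""
    return [m for m, names in coverage(resources, methods).items() if not names]

# Constructed sample: an EJB with overloaded methods on its Remote interface.
METHODS = [
    EjbMethod("Remote", "getBalance", ()),
    EjbMethod("Remote", "getBalance", ("accountId",)),
    EjbMethod("Remote", "transfer", ("from", "to", "amount")),
    EjbMethod("Local", "audit", ()),
]
RESOURCES = [
    ProtectedResource("general", frozenset({"Remote"}), "getBalance", ()),
    ProtectedResource("transfers", frozenset({"Remote"}), "transfer", ALL),
]

if __name__ == "__main__":
    for m in uncovered(RESOURCES, METHODS):
        print("no protected resource matches:", m.interface, m.name, m.params)
```

With the sample data, the empty parameter list on "general" matches only the no-argument getBalance, so the one-argument overload and the Local interface method are reported as unmatched.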
Until you assign an Authorization policy to the resource to restrict access to it, all authenticated users have access to the resource.
The following instructions assume that you have already created your Authorization policy for the Web resource. For general information about Authorization policies, see Creating Authorization Policies in the Novell Access Manager 3.0 SP4 Administration Guide. For information about creating an EJB Authorization policy, see Creating Enterprise JavaBean Authorization Policies for J2EE Agents in the Novell Access Manager 3.0 SP4 Administration Guide.
In the Administration Console, click > > > > > > .
To enable a policy, select a policy in the list, then click .
If no policies appear in the list, you haven’t created any. Click Creating Enterprise JavaBean Authorization Policies for J2EE Agents in the Novell Access Manager 3.0 SP4 Administration Guide.
WARNING: EJBs that are configured to run-as a role can only use limited conditions in an EJB Authorization policy. The Current Roles of User and the time conditions can be used in the policy, but the conditions requiring user information cannot be used. This is because the run-as role subjects do not contain the Liberty profile, LDAP attribute, or LDAP credential information that these conditions require. When unsupported conditions are defined in a policy and that policy is assigned to a run-as role EJB, the user is denied access to the EJB resource.
Click >
On the Configuration page, click , then click > .