geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbaumhof <>
Subject Prevent EJB by beeing called from web interface
Date Tue, 08 Jul 2008 11:35:25 GMT


we have an application architecture where we use session fassades to access
the software components and  at the backend a DAO pattern to access the
database. The Session fassades and also the DAO's are designed as stateless
session beans. Our security concept is realised by interceptor classes, but
we only want to secure the fassade beans. But of course also the dao's can
be called by the web interface. 

My question is: Is there a way to hide the DAO's "behind" the fassades (make
them only be callable by other EJB's, but not by the web interface)??

much thanks in advance,....
View this message in context:
Sent from the Apache Geronimo - Users mailing list archive at

View raw message