Hello, is there a way I can force a context or subcontext to be read-only?
The reason behind my question is that I have potentially many application clients accessing my remote context by
[code]
Properties props = new Properties();
props.setProperty("java.naming.factory.initial", "com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs", "com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state", "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty("org.omg.CORBA.ORBInitialHost", IP_ADDRESS);
props.setProperty("org.omg.CORBA.ORBInitialPort", PORT);
try
{
Context context = new InitialContext(props);
...
[/code]
A malicious user could easily abuse this by unbinding or rebinding everything on my Context. I understand that I can force the user to first sign in before accessing the Context, but I don't think I have a way to specify what operations they're allowed to do on the Context.
I've found something about this here:
https://glassfish.dev.java.net/issues/show_bug.cgi?id=4217
but I don't know if this ever made it into prelude, or if it did, I don't know how to access it.
Any help or suggestions are very welcome.
Thanks.
[Message sent by forum member 'antilochus' (antilochus)]
http://forums.java.net/jive/thread.jspa?messageID=358289