EJB security custom JACC provider

our project has a very detailed authorization pattern

so i had to implement my own JACC provider.

now i have a problem with EJB security.

i have an EJB method and i want to limit access to it based

on its argument values

for example consider the delete(String arg1) EJB method

i want a user be able to run it with arg1=='something'

and be not able to run it otherwise

how could i access to method's argument values?

thanks

Solution

Have you taken a look at EJB interceptors? They have full access to the method's parameters and return value, and can decide to let the call pass through or block it.

How to best utilize ASP .NET Membership database?
how to secure my website
Understanding CSRF
Why can't a malicious site obtain a CSRF token via GET before attacking?
REST API from mobile app - Does securing the first call with a CAPTCHA make sense?
How to disable access security notice "A Potential security concern has been identified"
Addressing critical vulnerabilities in Maven dependencies
IDX10503: Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'
How can I obtain the user's Logon Session SID (e.g. S-1-5-5-X-Y) or otherwise verify RMF SC-23 Unique Identifiers in Windows
Is it secure to store passwords as environment variables (rather than as plain text) in config files?
How can I skip old vulnerabilities and break only with new ones using Snyk scan on Azure DevSecOps?
Generating a random password in php
Access token and Refresh token best practices ? How to implement Access & Refresh Tokens
Securely storing an access token
Why does angular add ng-version attribute to the app-root html tag
How to properly handle secrets in a local.settings.json file when adding the function source code to a source control repository
Conditional Column-level permissions in PostgreSQL
Embedding youtube video "Refused to display document because display forbidden by X-Frame-Options"
How can I prevent SQL injection in PHP?
IFrame security and CORS
Should I impose a maximum length on passwords?
<app> would like to access data from other apps - macOS Sonoma
SELinux syntax error when optional is used inside a tunable_policy macro
Generate cryptographically secure random numbers in php
How to get through security error pages in the Firefox web browser?
How to handle cookies securely during the REST API call in SWIFT 3 or 4?
Read/write to NFC tag with password protection
Request for the permission of type 'System.Security.Permissions.FileIOPermission.. failed
Azure blocks POST requests from User-Agent Mozilla/5.0 to App Service
How to read a HttpOnly cookie using JavaScript