As of WebLogic 8.1, jCOM security is now completely handled by WebLogic Server's security mechanism of roles and permissions. All configuration is done through the WebLogic Administrator Console. You must grant access rights to your Java objects in order for them to be exposed to COM clients. The best way to familiarize yourself on how to do this is through the inventory item example found in this chapter. It steps you through the process of granting access rights to individual classes in your application. In that example, you use the Administrator Console under the WebLogicServer/Services/JCOM category to control access to these individual classes (see Figure 33.5). Detailed information about granting and revoking access to individual classes can be found at http://e-docs.bea.com/wls/docs81/ConsoleHelp/security_7xa.html.

jCOM does not currently enforce any security restrictions on callbacks. Therefore, if you pass a Java object reference to a COM object, that COM object has full access to the object.

NOTE

Additional J-Integra classes are shipped with WebLogic in the weblogic.jar (which contains all the jCOM runtime), which can be used to discover the identity of COM clients calling your Java code. When a COM client invokes methods in your Java object via jCOM, you can call

com.linar.jintegra.AuthInfo.getCallerDomain() which will, if it can be ascertained, return the NT domain of the COM client that initiated the current call.
com.linar.jintegra.AuthInfo.getCallerUser() will return, if it can be ascertained, the NT username of the COM client that initiated the current call.

Securing Your Java Objects Against Unauthorized Access

Figure 33.5. Admin Console WebLogicServer/Services/JCOM COM security control screen.