|Oracle8i CORBA Developer's Guide and Reference
Release 3 (8.1.7)
Part Number A83722-01
In addition to authentication and privacy, Oracle8i supports controlled access to the classes that make up CORBA and EJB objects. Only users or roles that have been granted execute rights to the Java class of an object stored in the database can activate the object and invoke methods on it.
You can control execute rights on Java classes with the following tools:
loadjava. See the Oracle8i Java Developer's Guide for more information about
loadjavaand execution rights on Java classes in the database.
Use the SQL command REVOKE EXECUTE to remove execute rights for a user from a loaded Java class.
You can control permissions on a published object through the following:
-grantoption with the
chowncommands within the Session Shell. You must be connected to the Session Shell as the user SYS to use the
ls -l command in the session shell to view the permissions (EXECUTE, READ, and WRITE) and the owner of a published object.
There are three "built-in" server objects that a client can access without being authenticated, as shown below:
You can activate these objects using
serviceCtx.lookup() without authentication. See the "Logging In and Out of the JServer Session" for an example that access the
Login object explicitly.