We have fat (t3) clients accessing EJBs on WLS. We have not found a way
to prevent the fat clients from accessing the JDBC Connection Pools. In
essence, allowing t3 access to WLS allows all users full access to any
database WLS connects to.

There is no way to
1) Allow an *authenticated* user access to an EJB
2) Prevent this same user from accessing a jdbc connection pool used by
this EJB.

It is possible to restrict access to a JDBC connection pool to a
specified group/role; however, if the user is in this group/role, then
they can access the JDBC connection pool. Note that the EJB runs as the
caller's subject, so, in order for the EJB to work, the caller has to
have access to the JDBC Connection pool.

In essence, I would like to simply "shut off" the WebLogic RMI Driver,
and prevent Data Sources from being available remotely, and any other
RMI access to JDBC Connection Pools. How do I do this?