About Question enthuware.oce-ejbd.v6.2.573 :
Posted: Sun Oct 14, 2012 2:51 am
I think that this question has two correct answers ("Deployer assigns principals to the security roles.") and:
"Bean provider declares the logical security roles used in the application."
If I read the specifications well,
The logical security roles defined by the Bean Provider are then mapped to the security roles of the environment (by the Deployer)
Regards,
Frits
"Bean provider declares the logical security roles used in the application."
If I read the specifications well,
the roles defined by the Bean Provider (using the @DeclareRoles, or dd) are called logical security roles.17.3.1 Security Roles
The Bean Provider or Application Assembler can define one or more security roles in the bean’s metadata annotations or deployment descriptor.
...
Because the Bean Provider and Application Assembler do not, in general, know the security environment of the operational environment, the security roles are meant to be logical roles (or actors), each representing a type of user that should have the same access rights to the application.
The logical security roles defined by the Bean Provider are then mapped to the security roles of the environment (by the Deployer)
Regards,
Frits