About Question com.enthuware.ets.scbcd.v5.2.269 :
Posted: Thu Jun 30, 2011 10:45 am
Your explanation of this:
Always remember this:
1. security-role-ref: This is the name used by the bean code to refer to a security role. Since it is used inside the bean code, the provider specifies it in the deployment descriptor.
2. security-role: These are the logical roles that are available to the application. Since these are application specific, these are specified by the application assembler in the deployment descriptor. Also, since these are provided by the application assembler, the application assembler also has the responsibility of mapping security-role-ref to the security-role. Further, since the application assembler knows the business logic, she also specifies which bean methods can be called by which role using the <method-permission> tags.
3. The deployer makes sure that the roles required by the application assembler are available in the target system. The Deployer's job is to map the security view that was specified by the Application Assembler to the mechanisms and policies used by the security domain in the target operational environment. The output of the Deployer's work includes an application security policy descriptor that is specific to the operational environment. The format of this descriptor and the information stored in the descriptor are specific to the EJB Container.
The Deployer is also responsible for assigning the security domain and principal realm to an enterprise bean application.
But when I look at 17.3.1 Security Roles of ejb-3_0_fr-spec, it describes that:
.............
The Bean Provider or Application Assembler defines method permissions for each security role.
.................
If the deployment descriptor is used, the Bean Provider and/or Application Assembler uses the
security-role deployment descriptor element as follows:
• Define each security role using a security-role element.
• Use the role-name element to define the name of the security role.
• Optionally, use the description element to provide a description of a security role
That makes me confused. So which is correct?
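For reference, the three descriptor elements discussed in the post, shown together in one `ejb-jar.xml`. This is an added example, not part of the original post or the Enthuware explanation; the bean name, role names and method name are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <enterprise-beans>
    <session>
      <ejb-name>PayrollBean</ejb-name> <!-- hypothetical bean -->

      <!-- security-role-ref: the name the bean code passes to
           isCallerInRole("payroll-admin"). Declared by the Bean Provider,
           because only the code author knows which names the code uses. -->
      <security-role-ref>
        <role-name>payroll-admin</role-name>
        <!-- role-link: maps the code-level name to a logical role defined
             below. The quoted explanation assigns this mapping to the
             Application Assembler. -->
        <role-link>Administrator</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- security-role: a logical role of the application. The quoted
         explanation assigns it to the Application Assembler; the quoted
         spec text (17.3.1) says "Bean Provider and/or Application
         Assembler". -->
    <security-role>
      <description>May change salary data</description>
      <role-name>Administrator</role-name>
    </security-role>

    <!-- method-permission: which logical role may call which bean method.
         It refers to the security-role name, never to the
         security-role-ref name used inside the code. -->
    <method-permission>
      <role-name>Administrator</role-name>
      <method>
        <ejb-name>PayrollBean</ejb-name>
        <method-name>updateSalary</method-name> <!-- hypothetical method -->
      </method>
    </method-permission>
  </assembly-descriptor>

</ejb-jar>
```

Mapping `Administrator` to real users or groups in the target environment is not expressed here; per the post, that is the Deployer's task and goes into a container-specific descriptor.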