This week's book giveaway is in the HTML Pages with CSS and JavaScript forum.
We're giving away four copies of Testing JavaScript Applications and have Lucas da Costa on-line!
See this thread for details.
Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

EJB roles: tx attributes and security

Posts: 194
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
well part-I is really near the corner, I left as last a refresh on EJB roles.
I can see (Sun Architecht certification book) that a few activities are mapped to more then one role.
In particular "setting tx-attributes" seems to be delegated to :

1- bean provider
2- application assembler
3. deployer

Also about security roles it's not clear to me when it's up to the application assembler and when to the deployer.

Can anybody clarify this topic ?
Thanks a lot in advance
Ranch Hand
Posts: 372
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The application assembler is responsible for the transaction attributes. Tx attributes come under the <assembly-descriptor> section which is the app assembler's area

The app assembler is also responsible for creating the logical security roles that make sense for the application. She does this using the security-role element in the DD. But the bean is going to be deployed in the deployer's company and hence the role names defined by the app assembler may not match the real groups in the company. Hence the deployer is responsible for mapping the logical security roles defined by the app assembler to the actual users and groups that exist in his company. This is done in vendor specific way outside of the EJB DD. Also the company may use its own way of storing users and groups, for example have an LDAP authentication server. Its the deployer's responsibility to assign the security domain and the principal realm to the application.

The bean provider may hard code roles in his code to implement programmatic security, he has to announce them in the DD through the security-role-ref element. The app assembler will add a role-link to it to map it to the security-role that she defines
Francesco Marchioni
Posts: 194
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok clear, thanks a lot
    Bookmark Topic Watch Topic
  • New Topic