• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

[EJB 2.0 Specs] Security Question. Oh-h-h, tough one

 
Mikalai Zaikin
Ranch Hand
Posts: 3371
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a question regarding using role references for EJBs.
Here is the excerpt from DD DTD:

We see that 'role-link' is optional, but further we can read :
If the Application Assembler defines the 'security-role' elements in the deployment descriptor, he or she is also responsible for linking all the security role references declared in the 'security-role-ref' elements to the security roles defined in the 'security-role' elements
Also, IMO, it makes no sense to define role reference without role link.
Does that "optional" definition means that it's optional for Bean Provider, but it is a must for ready to deploy EAR (and must be filled by Application Assembler before deployment) ?
If 'no', please, explain me, what is the use of deploying EJB with DD
which has references without links to security roles?
Thanks........
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic