This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

[EJB 2.0 Specs] Security Question. Oh-h-h, tough one  RSS feed

Mikalai Zaikin
Ranch Hand
Posts: 3413
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a question regarding using role references for EJBs.
Here is the excerpt from DD DTD:

We see that 'role-link' is optional, but further we can read :
If the Application Assembler defines the 'security-role' elements in the deployment descriptor, he or she is also responsible for linking all the security role references declared in the 'security-role-ref' elements to the security roles defined in the 'security-role' elements
Also, IMO, it makes no sense to define role reference without role link.
Does that "optional" definition means that it's optional for Bean Provider, but it is a must for ready to deploy EAR (and must be filled by Application Assembler before deployment) ?
If 'no', please, explain me, what is the use of deploying EJB with DD
which has references without links to security roles?
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!