[EJB 2.0 Specs] Security Question. Oh-h-h, tough one
posted 12 years ago
I have a question regarding using role references for EJBs. Here is the excerpt from DD DTD:
We see that 'role-link' is optional, but further we can read : If the Application Assembler defines the 'security-role' elements in the deployment descriptor, he or she is also responsible for linking all the security role references declared in the 'security-role-ref' elements to the security roles defined in the 'security-role' elements Also, IMO, it makes no sense to define role reference without role link. Does that "optional" definition means that it's optional for Bean Provider, but it is a must for ready to deploy EAR (and must be filled by Application Assembler before deployment) ? If 'no', please, explain me, what is the use of deploying EJB with DD which has references without links to security roles? Thanks........
Java Platform, Enterprise Edition 6 Web Services Developer Certified Expert Exam Study Guide and Quiz Exam 1Z0-810: Upgrade to Java SE 8 Programmer Study Guide and Quiz