Hello Friends, Suppose the bean provider has hard coded a security role in the business methods and in the <security-role-ref> section of the DD, he has specified a <role-name> but the application assembler does not specify a <role-link> to map the bean provider given security role to the abstract security role defined by the application assembler since the <role-link> section in the DD is optional. What will happen if the role defined by the bean provider is not an abstract security role in the <assembly-descriptor> section of the DD? Any exceptions will be thrown or what might happen ?
Hi Phil, Could you elaborate something about the deploy tools because i am not sure about how such an error can be reported ! Is it like when you are about to deploy the bean in some application server, the error will be generated or what ? Thanks for your replies Phil,
howdy, guys !!! I have been asking exactly the same question some time ago [EJB 2.0 Specs] Security Question. Oh-h-h, tough one Nobody answered it But my opinion is that it is optional for Bean Provider. But Application Assembler HAS TO define <role-link> for all references. Other option [this is solely my own opinion] could be that EJB Container may ingnore references without links. Would be fine to hear from some EJB GURU, or REAL EJB GIRL (Kathy, of course )