Hello Friends, Suppose the bean provider has hard coded a security role in the business methods and in the <security-role-ref> section of the DD, he has specified a <role-name> but the application assembler does not specify a <role-link> to map the bean provider given security role to the abstract security role defined by the application assembler since the <role-link> section in the DD is optional. What will happen if the role defined by the bean provider is not an abstract security role in the <assembly-descriptor> section of the DD? Any exceptions will be thrown or what might happen ?
Hi Reghu, It's just my opinion, but I would bet for an error at deploy time (after all the deploy tool has all the information it needs to point the issue). Cheers, Phil.
Reghu Ram Thanumalayan
posted 16 years ago
Hi Phil, Could you elaborate something about the deploy tools because i am not sure about how such an error can be reported ! Is it like when you are about to deploy the bean in some application server, the error will be generated or what ? Thanks for your replies Phil,
howdy, guys !!! I have been asking exactly the same question some time ago [EJB 2.0 Specs] Security Question. Oh-h-h, tough one Nobody answered it But my opinion is that it is optional for Bean Provider. But Application Assembler HAS TO define <role-link> for all references. Other option [this is solely my own opinion] could be that EJB Container may ingnore references without links. Would be fine to hear from some EJB GURU, or REAL EJB GIRL (Kathy, of course )
Exam 1Z0-810: Upgrade to Java SE 8 Programmer Study Guide and Quiz Exam 1Z0-817: Upgrade OCP Java 6, 7 and 8 to Java SE 11 Developer Study Guide and Quiz
Men call me Jim. Women look past me to this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!