• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Tim Cooke
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • paul wheaton
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Mikalai Zaikin
  • Carey Brown
  • Piet Souris
Bartenders:
  • Stephan van Hulst

The Bean Provider responsibility for the Security.

 
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In spec,

...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans� business methods...


My points is that Bean provider can define security policy at the Instance Level if necessary using the API programmaticall while Application Assebler define the security policy at the Method Level. What do you think?
 
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
--------------------------------------------------------------------------------
My points is that Bean provider can define security policy at the Instance Level if necessary using the API programmaticall while Application Assebler define the security policy at the Method Level. What do you think?
----------------------------------------------------------------------------
Yes, You are right. Bean provider can define security policy at the Instance Level if necessary...I understood that he can restrict the users who dont have permissions to acess that Bean by using isCallerInRole() and nothing else...
In spec,
quote:
--------------------------------------------------------------------------------
...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans� business methods...
-----------------------------------------------------------------------------
I think that Bean Provider should not write any code related to thread safety something like that...which is maintained by the container.
(correct me if iam wrong)
Praveena
 
I didn't do it. You can't prove it. Nobody saw me. The sheep are lying! This tiny ad is my witness!
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic