The Bean Provider responsibility for the Security.

 
Alibabra Sanjie
Ranch Hand
Posts: 147
In spec,
...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans' business methods...

My point is that the Bean Provider can define security policy at the Instance Level if necessary using the API programmatically, while the Application Assembler defines the security policy at the Method Level. What do you think?
 
Praveena Venigalla
Ranch Hand
Posts: 36
--------------------------------------------------------------------------------
My point is that the Bean Provider can define security policy at the Instance Level if necessary using the API programmatically, while the Application Assembler defines the security policy at the Method Level. What do you think?
----------------------------------------------------------------------------
Yes, you are right. The Bean Provider can define security policy at the Instance Level if necessary... I understood that he can restrict the users who don't have permissions to access that Bean by using isCallerInRole() and nothing else...
In spec,
quote:
--------------------------------------------------------------------------------
...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans' business methods...
-----------------------------------------------------------------------------
I think that the Bean Provider should not write any code related to thread safety or something like that... which is maintained by the container.
(correct me if I am wrong)
Praveena
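
An added example, not part of the thread or the spec, of the instance-level check with isCallerInRole() discussed above, next to the method-level permission left to the Application Assembler. It assumes an EJB 2.x session bean; the bean class, the "auditor" role reference and the account data are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical EJB 2.x session bean; class, role and account names are assumptions.
public class AccountServiceBean implements SessionBean {
    private SessionContext ctx;
    // Constructed sample data standing in for a real persistence layer.
    private final Map<String, Long> balances = new HashMap<String, Long>();

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }

    public void ejbCreate() {
        balances.put("alice", Long.valueOf(12000));
        balances.put("bob", Long.valueOf(500));
    }

    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}

    // Who may call getBalance() at all is a method-level decision, declared
    // by the Application Assembler as <method-permission> in ejb-jar.xml.
    public long getBalance(String accountOwner) {
        // Instance-level rule that a method permission cannot express:
        // a caller reads only their own account unless they hold "auditor".
        // "auditor" is a <security-role-ref> name declared for this bean; the
        // assembler maps it to a real security role with <role-link>.
        String caller = ctx.getCallerPrincipal().getName();
        boolean allowed = caller.equals(accountOwner) || ctx.isCallerInRole("auditor");
        if (!allowed) {
            // EJBException is treated by the container as a system exception.
            throw new EJBException("caller " + caller + " may not read this account");
        }
        Long balance = balances.get(accountOwner);
        if (balance == null) {
            throw new EJBException("unknown account");
        }
        return balance.longValue();
    }
}
```

The code tests only a logical role reference, so the mapping from "auditor" to an actual role and its users stays in the deployment descriptor rather than in the business method.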
 