The Bean Provider responsibility for the Security.

 
Ranch Hand
Posts: 147
In spec,

...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans' business methods...


My point is that the Bean Provider can define security policy at the instance level, if necessary, programmatically using the API, while the Application Assembler defines the security policy at the method level. What do you think?
 
Ranch Hand
Posts: 36
--------------------------------------------------------------------------------
My point is that the Bean Provider can define security policy at the instance level, if necessary, programmatically using the API, while the Application Assembler defines the security policy at the method level. What do you think?
--------------------------------------------------------------------------------
Yes, you are right. The Bean Provider can define security policy at the instance level if necessary... I understood that he can restrict the users who don't have permission to access that bean by using isCallerInRole() and nothing else...
In spec,
quote:
--------------------------------------------------------------------------------
...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans' business methods...
-----------------------------------------------------------------------------
I think that the Bean Provider should not write any code related to thread safety or something like that... which is maintained by the container.
(correct me if I am wrong)
Praveena
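
An added example, not part of the original posts, of the split discussed in this thread: a method-level rule enforced by the container and an instance-level check made with isCallerInRole() and getCallerPrincipal(). The bean, the role names, the exception class and the in-memory account data are hypothetical, and the example uses EJB 3 annotations rather than an EJB 2.x deployment descriptor; it needs the javax.ejb API and an EJB container to run.

```java
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.ApplicationException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"teller", "customer"})   // hypothetical role names
public class AccountBean {

    /** Hypothetical application exception for a failed instance-level check. */
    @ApplicationException(rollback = true)
    public static class AccountAccessException extends Exception {
        public AccountAccessException(String msg) { super(msg); }
    }

    // Constructed sample data: account id -> owner principal name / balance in cents.
    private static final Map<String, String> OWNER = new HashMap<>();
    private static final Map<String, Long> BALANCE = new HashMap<>();
    static {
        OWNER.put("ACC-1", "alice");  BALANCE.put("ACC-1", 12_500L);
        OWNER.put("ACC-2", "bob");    BALANCE.put("ACC-2", 990L);
    }

    @Resource
    private SessionContext ctx;   // injected by the container

    // Method level (declarative): the container rejects callers in neither role
    // before this code runs. Which users hold the roles is decided at assembly
    // and deployment time, not here.
    @RolesAllowed({"teller", "customer"})
    public long getBalance(String accountId) throws AccountAccessException {
        String owner = OWNER.get(accountId);
        // Instance level (programmatic): the decision depends on which account is
        // requested, so a per-method rule cannot express it. A teller may read any
        // account; any other caller must be the owner of this one.
        boolean allowed = owner != null
                && (ctx.isCallerInRole("teller")
                    || owner.equals(ctx.getCallerPrincipal().getName()));
        if (!allowed) {
            // Same answer for "unknown account" and "not yours", so the reply
            // does not reveal which account ids exist.
            throw new AccountAccessException("access denied");
        }
        return BALANCE.get(accountId);
    }
}
```

Under EJB 2.x, a role name passed to isCallerInRole() is declared by the Bean Provider in a security-role-ref element of the deployment descriptor, and the Application Assembler links it to an actual security role.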
 