• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Bear Bibeault
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • salvin francis
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Frits Walraven
Bartenders:
  • Jj Roberts
  • Carey Brown
  • Scott Selikoff

The Bean Provider responsibility for the Security.

 
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In spec,

...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans� business methods...


My points is that Bean provider can define security policy at the Instance Level if necessary using the API programmaticall while Application Assebler define the security policy at the Method Level. What do you think?
 
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
--------------------------------------------------------------------------------
My points is that Bean provider can define security policy at the Instance Level if necessary using the API programmaticall while Application Assebler define the security policy at the Method Level. What do you think?
----------------------------------------------------------------------------
Yes, You are right. Bean provider can define security policy at the Instance Level if necessary...I understood that he can restrict the users who dont have permissions to acess that Bean by using isCallerInRole() and nothing else...
In spec,
quote:
--------------------------------------------------------------------------------
...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans� business methods...
-----------------------------------------------------------------------------
I think that Bean Provider should not write any code related to thread safety something like that...which is maintained by the container.
(correct me if iam wrong)
Praveena
 
Alas, poor Yorick, he knew this tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic