--------------------------------------------------------------------------------
My point is that the Bean Provider can define security policy at the Instance Level if necessary using the API programmatically, while the Application Assembler defines the security policy at the Method Level. What do you think?
----------------------------------------------------------------------------
Yes, you are right. The Bean Provider can define security policy at the Instance Level if necessary... I understood that he can restrict the users who don't have permissions to access that Bean by using isCallerInRole() and nothing else...
In spec,
quote:
--------------------------------------------------------------------------------
...The Bean Provider should neither implement security mechanisms nor hard-code security policies in the enterprise beans' business methods...
-----------------------------------------------------------------------------
I think that the Bean Provider should not write any code related to
thread safety or something like that... which is maintained by the container.
(correct me if I am wrong)
Praveena
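
The instance-level check discussed in this thread, as an added example that is not part of the original posts or of the EJB specification. CallerContext is a hypothetical stand-in for the getCallerPrincipal() and isCallerInRole() methods of javax.ejb.EJBContext so the code runs without a container; AccountBean, the "manager" role reference and the caller names are constructed for illustration.

```java
import java.security.Principal;
import java.util.Arrays;

public class InstanceLevelCheckDemo {
    // Stand-in (assumption) for the two javax.ejb.EJBContext methods used,
    // so the example runs without an EJB container.
    interface CallerContext {
        Principal getCallerPrincipal();
        boolean isCallerInRole(String roleName);
    }
    // Hypothetical bean. Who may call withdraw() at all is a method-level rule
    // left to the deployment descriptor; only the per-instance rule is coded.
    static class AccountBean {
        private final CallerContext ctx;
        private final String owner;
        private long balance;
        AccountBean(CallerContext ctx, String owner, long balance) {
            this.ctx = ctx; this.owner = owner; this.balance = balance;
        }
        long withdraw(long amount) {
            // Instance-level decision: depends on which account this instance is.
            boolean isOwner = owner.equals(ctx.getCallerPrincipal().getName());
            // "manager" is a role reference name (constructed here) that the bean
            // provider declares so the assembler can link it to a real role.
            if (!isOwner && !ctx.isCallerInRole("manager"))
                throw new SecurityException("caller may not use this account");
            if (amount <= 0 || amount > balance)
                throw new IllegalArgumentException("invalid amount");
            balance -= amount;
            return balance;
        }
    }
    // Constructed callers for the demo.
    static CallerContext caller(String name, String... roles) {
        return new CallerContext() {
            public Principal getCallerPrincipal() { return () -> name; }
            public boolean isCallerInRole(String r) { return Arrays.asList(roles).contains(r); }
        };
    }
    static String attempt(CallerContext c) {
        try { return "balance " + new AccountBean(c, "alice", 100).withdraw(30); }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        System.out.println(attempt(caller("alice")));
        System.out.println(attempt(caller("bob", "manager")));
        System.out.println(attempt(caller("carol")));
    }
}
```

The owner and the caller holding the manager role are allowed; the third caller passes any method-level permission but is refused for this particular instance, which is the distinction the declarative descriptor cannot express.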