Bean Instance Level

 
Greenhorn
Posts: 23
I have trouble understanding this statement (from ejbcertificate)

"declarative security does not allow you to control authorisation at the bean instance level, only at the class level. If you want to control authorisation at the bean instance level you have to use programmatic security"

This is what I understand: you cannot have different security settings for beans instantiating the same class when controlling authorisation programmatically. Do I get it right?

Thanks
 
Greenhorn
Posts: 26
This is how it goes. We cannot achieve instance-level declarative security. We can only achieve declarative security for a bean and not for bean instances.

If you want to achieve such instance-level security, it can only be achieved programmatically, which implies that, depending upon your need, you can set different security settings for beans instantiating the same class using programmatic authorization. Hope this helped you.
 
Greenhorn
Posts: 16
I too have trouble understanding it. If you want to have security at instance level, use the programmatic way.

For example, we have a class called "TestBean" and a method "testMethod". Let us assume that we have granted "EmployerRole" in the DD to access this method. So the caller who has "EmployerRole" can access this method on any instance of the TestBean class.

Now let us assume that we need to have security at instance level, so we put the following code in the class:

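    public class TestBean implements SessionBean {
        private SessionContext ctx; // set by the container in setSessionContext()

        public void testMethod() {
            // ----
            if (ctx.isCallerInRole("AdminRole")) {
                // proceed...
            } else {
                // throw exception...
            }
        }
        // remaining SessionBean callbacks omitted
    }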

Here, how are you achieving the instance-level security? However many instances of the class you instantiate, you get the same code and the same logic, and it is applicable to all instances...

I don't get how it is different... Can anyone clarify it, please?
 
Ranch Hand
Posts: 211
"However many instances of the class you instantiate, you get the same code and the same logic, and it is applicable to all instances..."

Srini,
Think of 'instance-level' security as fine grained security logic that is coded based on the 'values' of instance variables (for entity and stateful session beans) or method parameters (for stateless session beans).

Here is a very trivial example:


The above is an example of instance-level security. It does not allow anyone in 'restrictedCustomer' role to have more than 10 items in shopping cart. This security policy may not apply for another instance for the same bean because its 'state' may be different. This type of fine-grained business rules based security policy is difficult to specify in an instance agnostic way.
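
An added example (not the original poster's code) of the kind of check this reply describes: the role test is the same code in every instance, but the decision also depends on the state of the instance being called. The class, method and exception names, and the deployment-descriptor settings mentioned in the comments, are assumptions; only the 'restrictedCustomer' role and the 10-item limit come from the post.

```java
import java.util.ArrayList;
import java.util.List;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical EJB 2.x stateful session bean. Assumed deployment descriptor:
// <method-permission> grants addItem() to "customer" and "restrictedCustomer",
// and a <security-role-ref> declares "restrictedCustomer" for this bean.
public class ShoppingCartBean implements SessionBean {

    // Checked (application) exception: the container reports it to the
    // caller without discarding this stateful instance.
    public static class CartLimitException extends Exception {
        public CartLimitException(String msg) { super(msg); }
    }

    private static final int RESTRICTED_MAX_ITEMS = 10;

    private SessionContext ctx;
    private List<String> items;   // conversational state of this instance

    public void ejbCreate() { items = new ArrayList<String>(); }

    public void addItem(String sku) throws CartLimitException {
        // The declarative, class-level check has already passed in the
        // container. This check also depends on this instance's state, so
        // the same caller can be allowed on one cart and refused on another.
        if (ctx.isCallerInRole("restrictedCustomer")
                && items.size() >= RESTRICTED_MAX_ITEMS) {
            throw new CartLimitException(
                "restrictedCustomer carts are limited to "
                + RESTRICTED_MAX_ITEMS + " items");
        }
        items.add(sku);
    }

    public int getItemCount() { return items.size(); }

    // Container callbacks required by javax.ejb.SessionBean.
    public void setSessionContext(SessionContext c) { this.ctx = c; }
    public void ejbActivate() { }
    public void ejbPassivate() { }
    public void ejbRemove() { }
}
```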
 
Srini Madala
Greenhorn
Posts: 16
Thanks Keerti!!! I got it now.
 