In a nutshell:
Bean Provider:
The Provider codes the Bean. He knows the business logic of the application
and is considered as domain expert. If he uses
string literals for
security roles or objects of the bean environment (String,Boolean,Integer etc), he will add the appr. xml elements in the ejb-jar.xml file.
The Bean class, home interfaces, primary key class etc will be added by the provider as well.
Bean Assembler:
He puts Beans together in a greater environment. He declares ejb-refs and security roles etc.
Bean Deployer:
He deploys the Bean into the appserver and maps references to external resources, such as Databases, MessageProvider. He also maps existing users to the securityroles.
EXAMPLE:
Provider:
<security-role-ref>
<role-name>RolenameInsourcecode</rolename>
<role-link>Will Be Added by Assembler</role-link>
</security-role-ref>
This is also done by Assembler
<security-identity>
<use-caller-identity/>
</security-identity>
...
<security-role>
adminrole
</security-role>
This is done by Deployer
jboss.xml or weblogic.xml for example
<session>
<ejb-name>MyBean</ejb-name>
<jndi-name>TheNameOnTHISAppServer</jndi-name>
</session>
Good luck.
[ August 04, 2005: Message edited by: Marco Barenkamp ]