According to the solution, <role-link> element is also optional.
(I verified the DTD of ejb-jar.xml. It is also defined as optional).

My question: What is the purpose of a <security-role-ref> element with just <role-name> element and no <role-link> element ?

How will the system behave when i deploy without role-link element ?

regards
Sankar
[ December 04, 2005: Message edited by: Sankar Subbiramaniam ]

Consider a scenario where the bean provider accidentally used the same role name that the app assembler has in mind . Quite common, if you think about it. If that's the case, the spec does not burden the app assembler to put an unnecessary <role-link> with the same <role-name>. That's why the tag is optional even for the app assembler. If you deploy the app without a <role-link>, the container would look for a <security-role> element with a role-name matching the hard-coded role name in the code.
Having said that, it is important to understand one thing. Even if there is a direct match between the hard-coded role name and a <security-role> role name, if there is a <role-link>, the container always goes by the role-link. This makes sense because the app assembler might want to map "Payroll Director" hardcoded by the bean provider to "Payroll Manager" and use "Payroll Director" for something else.

hope this clarifies

I want to activate this thread from its passivated state because the same thing confuses me.

I like the explanation from B.Sathish but according to this note in the specification at 21.3.3 do I think the answer that says that the <role-link> is optional is wrong! To me this note from the specification indicates that the <role-link> isn�t optional but instead is mandatory:

The Application Assembler links each security role reference to a security role using the role-link element. The value of the role-link element must be the name of one of the security roles defined in a security-role element.

A role-link element must be used even if the value of role-name is the same as the value of the role-link reference.

Doesn�t it seem to be mandatory according to that? Which means that the answer at page 598 in HF EJB is wrong!

Look at the definition of the security-role-ref element in the XML DTD for the EJB 2.0 deployment descriptor.

<!ELEMENT security-role-ref (description?, role-name, role-link?)>

As you can see, the role-link element is optional.

Hum ... I agree! Thanks!

I didn�t thought that I should have to read all the dirty details of that level of the specification, but there is appearently important thngs to know about, and that DD (document definition(!)) is very clear on what the rule is.