• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HFEJB - Page 598, Q11

 
Sankar Subbiramaniam
Ranch Hand
Posts: 116
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to the solution, <role-link> element is also optional.
(I verified the DTD of ejb-jar.xml. It is also defined as optional).

My question: What is the purpose of a <security-role-ref> element with just <role-name> element and no <role-link> element ?

How will the system behave when i deploy without role-link element ?

regards
Sankar
[ December 04, 2005: Message edited by: Sankar Subbiramaniam ]
 
B.Sathish
Ranch Hand
Posts: 372
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Consider a scenario where the bean provider accidentally used the same role name that the app assembler has in mind . Quite common, if you think about it. If that's the case, the spec does not burden the app assembler to put an unnecessary <role-link> with the same <role-name>. That's why the tag is optional even for the app assembler. If you deploy the app without a <role-link>, the container would look for a <security-role> element with a role-name matching the hard-coded role name in the code.
Having said that, it is important to understand one thing. Even if there is a direct match between the hard-coded role name and a <security-role> role name, if there is a <role-link>, the container always goes by the role-link. This makes sense because the app assembler might want to map "Payroll Director" hardcoded by the bean provider to "Payroll Manager" and use "Payroll Director" for something else.

hope this clarifies
 
Jonny Andersson
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to activate this thread from its passivated state because the same thing confuses me.

I like the explanation from B.Sathish but according to this note in the specification at 21.3.3 do I think the answer that says that the <role-link> is optional is wrong! To me this note from the specification indicates that the <role-link> isn�t optional but instead is mandatory:


The Application Assembler links each security role reference to a security role using the role-link element. The value of the role-link element must be the name of one of the security roles defined in a security-role element.

A role-link element must be used even if the value of role-name is the same as the value of the role-link reference.


Doesn�t it seem to be mandatory according to that? Which means that the answer at page 598 in HF EJB is wrong!
 
Roger Chung-Wee
Ranch Hand
Posts: 1683
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Look at the definition of the security-role-ref element in the XML DTD for the EJB 2.0 deployment descriptor.



As you can see, the role-link element is optional.
 
Jonny Andersson
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hum ... I agree! Thanks!

I didn�t thought that I should have to read all the dirty details of that level of the specification, but there is appearently important thngs to know about, and that DD (document definition(!)) is very clear on what the rule is.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic