• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Question 11.1 In HF EJB

 
feng jiang
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The answer is D: Security authorization can be bypassed on a method by method basis.
What does it mean? Thanks
 
B.Sathish
Ranch Hand
Posts: 372
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If I want to have security authorization for a method, I can have a <method-permission> tag in the DD for that method and specify a <role-name> who can access that method. If I do this, I am enforcing security authorization by specifying that only a particular role can access that method. But, If I want to by-pass security authorization for a method, I simply omit the method-permission tag for that method. Thus for each method, I can decide whether to bypass or enforce authorization. In other words, I can bypass / enforce security authorization on a method-by-method basis.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic