• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Roles/Responsibilites

 
Nikhil Jain
Ranch Hand
Posts: 392
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The role performed by application assembler & bean provider are sometimes same. For example the logical roles can be declared by either app assembler or bean provider. If the question has both these answers then what should be select?
 
J J Wright
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no explicit requirement for the Bean Provider or Application to provide a security view of the application. They can perform this role but it's entirely optional. All responsibility for securing the application lies with Deployer.

However, if the Bean Provider uses EJBContext.isCallerInRole() then they obviously must declare the role(s) using either @DeclareRoles or security-role-ref.

So to answer your question I'd always go with what the role has to do, not what it may optionally do, but it al depends on the wording of the question.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic