Win a copy of Machine Learning Systems: Designs that scale this week in the Scala forum
or Xamarin in Action: Creating native cross-platform mobile apps in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

[EJB3] About security and the Deployer role  RSS feed

 
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From what I have understood, the Deployer assigns principals to roles defined in both DeclareRoles and RolesAllowed annotations, and the security-role elements in the deployment descriptor.
I'm fine with the deployment descriptor. It's like EJB2. But how is the Deployer going to gather roles defined with annotations ? Using a magic wand ?
 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

either tools inspect the packaged EJB or the EJB application/component will have to discuss these roles in documentation--in the enterprise, documentation is a good thing anyway.

By the way, this problem is not completely new: for example, how would a deployer know about roles that are only referenced in calls to EJBContext.isCallerInRole(String), even in a EJB 2.x application?

I think some (lightweight) documentation is the way to go...

Cheers,
Oliver
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

how would a deployer know about roles that are only referenced in calls to EJBContext.isCallerInRole(String), even in a EJB 2.x application?


I thought that the Bean Developer was responsible for setting pseudo-roles in the deployment descriptor. But I thought it was not particularly needed in 3.0. Well, as you said, documentation will be needed, or a tool scanning the classes. Thank you.
 
Oliver Kamps
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Of course, you were right. DeclareRoles is the annotation that corresponds to EJBContext.isCallerInRole().

A container could certainly scan an EJB's class file for these annotations much like it would scan a deployment constructor.
 
my overalls have superpowers - they repel people who think fashion is important. Tiny ad:
Rocket Oven Kickstarter - from the trailboss
https://coderanch.com/t/695773/Rocket-Oven-Kickstarter-trailboss
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!