Ralph Jaus wrote: Hi Amandeep,
nice to hear from you again.
which means deployer can't do modifications in Deployment descriptor
That's wrong. Usually the deployer is allowed to modify the deployment descriptor. Some extracts from core spec:
(17.4.5) The deployer can use the security view defined in the deployment descriptor by the Bean Provider and Application Assembler merely as "hints" and may change the information whenever necessary to adopt the security policy to the operational environment.
(13.5) The deployer is permitted to override or change the values of transaction attributes at deployment time.
(16.3.3) The deployer can modify the values of the environment entries that have been previously set by the Bean Provider and/or Application Assembler, and must set the values of those environment entries for which no value has been specified.
I think the topic "ejb roles" is somewhat confusing due to some overlapping of the tasks / responsibilities of the bean provider, application assembler and deployer roles. But Enthuware has a number of good questions and explanations concerning ejb roles. It's good and enough to remember these for the exam.
This thing is always typical: the deployer uses container tools to edit the dd. So wherever you see a question with the deployer editing the dd, there are maximum chances that the option is wrong.
This statement is from Enthuware.
Typically, the deployer does not have to specify anything in the deployment descriptor. A deployer uses container tools to create or make available the roles specified in <security-role> elements.
This statement is not only limited to security roles; it can apply to environment entries or transaction attributes.
These days, almost every application server or container provider provides tools for the deployer to do the above changes. Again, the deployer does not touch the deployment descriptor directly, but indirectly through container tools.
But nothing will stop him from using it directly. Again, so it's a kind of spec. to do it indirectly.
Hope it makes sense.