
security DD tags..

 
Niranjan Deshpande
Ranch Hand
Posts: 1277
Hi all,

I am a bit confused about the <security-role> and <security-role-ref> elements. The main confusion is about which DD tags' values can be used in isCallerInRole(), which are mapped to roles in the environment, etc.

I remember having read in HFSJ that the hard-coded roles in the bean code (java/dd) can be linked to an environment which has different role names, so we do not need to change the code.

Please give me a code (java+dd) scenario so that this can be appreciated for beans. To be specific, I would like these snippets to show how the DD's security tags grow as the code travels through the provider / application assembler / deployer role chain.

Thanks in advance!
 
Ralph Jaus
Ranch Hand
Posts: 342
Now you may use sessionContext.isCallerInRole("SuperUser").
is supplied by the Bean Provider while the rest of the security related tags are set by the Application Assembler.
 
Christophe Verré
Sheriff
Posts: 14691
Also, instead of using the <security-role-ref> tag, you can use the @DeclareRoles annotation

(Example from the spec)
 
Niranjan Deshpande
Ranch Hand
Posts: 1277
<role-link> is something that the application assembler decides based on the operational environment. So in this case,
"SuperUser" is the application-specific role, that is mapped with the "Admin" operational target specific role.

Correct?
 
Ralph Jaus
Ranch Hand
Posts: 342
That's correct, Niranjan.

<security-role-ref> corresponds to @DeclareRoles, as Christophe pointed out. However, the possibility to link the String used in isCallerInRole ("SuperUser" in my example) to a specific role in the environment ("Admin") is offered only by the deployment descriptor, not by annotations.
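
The scenario discussed in this thread, written out as an ejb-jar.xml. This is an added illustration, not any poster's code or the spec's own example; the bean name AccountBean is hypothetical, while "SuperUser" and "Admin" are the role names used in the thread. The comments mark which role in the provider / assembler / deployer chain writes each element.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <enterprise-beans>
    <session>
      <!-- AccountBean is a hypothetical bean name used for illustration. -->
      <ejb-name>AccountBean</ejb-name>

      <!-- Bean Provider: declares every role string that the bean code
           passes to isCallerInRole(), for example
             if (sessionContext.isCallerInRole("SuperUser")) { ... }
           The <role-name> must match that string exactly. -->
      <security-role-ref>
        <description>Role name hard-coded in the bean class</description>
        <role-name>SuperUser</role-name>

        <!-- Application Assembler: links the coded name to a security
             role of the application. The value must be the name of a
             <security-role> declared in <assembly-descriptor> below. -->
        <role-link>Admin</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Application Assembler: the roles the application as a whole
         exposes. The bean code never mentions "Admin", so this name can
         change without recompiling the bean. -->
    <security-role>
      <description>Administrators of the application</description>
      <role-name>Admin</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
<!-- Deployer: maps the "Admin" security role to real users or groups of
     the target environment. That mapping is container-specific and lives
     outside ejb-jar.xml, so it is not shown here. -->
```

With this descriptor a caller who holds the Admin role gets true from isCallerInRole("SuperUser"), and a typo in either the coded string or <role-name> shows up as an authorization check that never passes, so both are worth reviewing together.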



 
Niranjan Deshpande
Ranch Hand
Posts: 1277
I got it! Thanks guys!
 