hi all,
I have few questions on security role mappings. Before that i
want to put my understanding about security mappings.If there is
anything wrong in my understanding please let me know.
I think ,
1 . In ejb-jar.xml we declare security roles in <security-role> tags.
2 . In ejb-jar we specify which methods are accessed by which roles
using <role-name> in <method-permission>.
3 . In openejb-jar.xml we asscocite principals to security roles , by
this we are allowing
all the principals in a role to access those methods which the role can access .
Qn :-
Why role mappings is part of each EJB.Since we already defined
what permissions does each role have on each ejb(using
<method-permissions>) why doing it here again.
Isn't it sifficient to map principals to roles in openejb.jar?
thanx in advance
--
regards,
prem
