Re: securiy role mapping in openejb-jar.xml ?

2 Sep 2004 14:43:35 -0000 

On Thu, 02 Sep 2004 10:22:03 -0400, Alan Cabrera
<[EMAIL PROTECTED]> wrote:
> 
> 
> > -----Original Message-----
> > From: Prem kalyan [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, September 02, 2004 10:04 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: securiy role mapping in openejb-jar.xml ?
> >
> > hi all,
> >
> >          I have few questions on security role mappings. Before that i
> > want to put my understanding about security mappings.If there is
> > anything wrong in my understanding please let me know.
> >
> >         I think ,
> >
> > 1 . In ejb-jar.xml  we declare  security roles in <security-role>
> tags.
> >
> > 2 . In ejb-jar we specify which methods are accessed by which roles
> > using <role-name> in <method-permission>.
> >
> > 3 . In openejb-jar.xml we asscocite principals to security roles , by
> > this we are allowing
> > all the principals in a role to access those methods which the role
> can
> > access .
> 
> So far so good.
> 
> 
> > Qn :-
> >
> >         Why role mappings is part of each EJB.Since we already defined
> > what permissions does each role have on each ejb(using
> > <method-permissions>) why doing it here again.
> >
> >         Isn't it  sifficient to map principals to roles in
> openejb.jar?
> >
> 
> This level of indirection allows you to take your beans and use them in
> an application server of another vendor, e.g. WebLogic.  The mapping of
> principals to roles is an OpenEJB specific mechanism, hence it is in the
> openejb-jar.xml file.
> 
Alan still my question is not answered or i haven't got ur point

    I got why  role mapping have to be  inside openejb-jar.xml .

    but why it has to  inside every EJB in openejb-jar.xml.
     
    if i have 10 beans do i have to declare my role mapping in each
and every bean.
    
    Aren't role mappings independent of ejb security. I mean we define
the ejb security in method-permissions using role names.And role
mappings is just to bind principals with a role names.


 
> Regards,
> Alan
> 
> -----------------------------------------------------------------
>         Visit our Internet site at http://www.reuters.com
> 
> Get closer to the financial markets with Reuters Messaging - for more
> information and to register, visit http://www.reuters.com/messaging
> 
> Any views expressed in this message are those of  the  individual
> sender,  except  where  the sender specifically states them to be
> the views of Reuters Ltd.
> 
> 

thanx in advance
-- 
regards,
prem

Reply via email to