> -----Original Message-----
> From: Prem kalyan [mailto:[EMAIL PROTECTED]
>
> On Thu, 02 Sep 2004 10:22:03 -0400, Alan Cabrera
> <[EMAIL PROTECTED]> wrote:
> >
> >
> > > -----Original Message-----
> > > From: Prem kalyan [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, September 02, 2004 10:04 AM
> > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > > Subject: securiy role mapping in openejb-jar.xml ?
> > >
> > > hi all,
> > >
> > > I have few questions on security role mappings. Before
that i
> > > want to put my understanding about security mappings.If there is
> > > anything wrong in my understanding please let me know.
> > >
> > > I think ,
> > >
> > > 1 . In ejb-jar.xml we declare security roles in <security-role>
> > tags.
> > >
> > > 2 . In ejb-jar we specify which methods are accessed by which
roles
> > > using <role-name> in <method-permission>.
> > >
> > > 3 . In openejb-jar.xml we asscocite principals to security roles ,
by
> > > this we are allowing
> > > all the principals in a role to access those methods which the
role
> > can
> > > access .
> >
> > So far so good.
> >
> >
> > > Qn :-
> > >
> > > Why role mappings is part of each EJB.Since we already
defined
> > > what permissions does each role have on each ejb(using
> > > <method-permissions>) why doing it here again.
> > >
> > > Isn't it sifficient to map principals to roles in
> > openejb.jar?
> > >
> >
> > This level of indirection allows you to take your beans and use them
in
> > an application server of another vendor, e.g. WebLogic. The mapping
of
> > principals to roles is an OpenEJB specific mechanism, hence it is in
the
> > openejb-jar.xml file.
> >
> Alan still my question is not answered or i haven't got ur point
>
> I got why role mapping have to be inside openejb-jar.xml .
>
> but why it has to inside every EJB in openejb-jar.xml.
>
> if i have 10 beans do i have to declare my role mapping in each
> and every bean.
>
> Aren't role mappings independent of ejb security. I mean we define
> the ejb security in method-permissions using role names.And role
> mappings is just to bind principals with a role names.
If you only declare the principal to role mappings once, regardless of
the number of beans in your jar.
Regards,
Alan
-----------------------------------------------------------------
Visit our Internet site at http://www.reuters.com
Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit http://www.reuters.com/messaging
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Reuters Ltd.
