Yes! I think the EJB 1.1 spec *does* require roles used in
isCallerInRole(String roleName) to be explicitly named in the DD. If you
offer something else, your server will be not be standard EJB 1.1.
-----Original Message-----
From: Evan Ireland
To: [EMAIL PROTECTED]
Sent: 5/27/99 2:45 PM
Subject: Re: Instance level authorization
Richard Monson-Haefel wrote:
> Unfortunately, In EJB 1.1 dynamic roles are not possible, so this will
not
> work very well. The role tested using the isCallerInRole( ) must be
> statically defined in the XML DD. It could be one of several
different
> roles, but it can not be arbitrary. You could, for example, tell the
DD
> that the roles TrustFund_A and TrustFund_B may be tested while the
bean is
> running. Then the Application Assembler and Deployer can map these
logical
> roles to real roles in the operational environment.
I don't see any requirement in EJB that means the container cannot
support this. I know that our container will support it.
So I suppose what you are looking for is a statement in the spec that
is more relaxed about the requirement that role names used in
isCallerInRole must be mentioned in the DTD. Or even better, to require
that the container provider support this? Is that what you were looking
for?
========================================================================
===
To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
