Laird Nelson wrote:
>
> Have I lost my mind, or does the specification not tell you how this
> method is supposed to work?
>
> I understand that the specification allows for role-based security.  And
> I understand that you can put in your deployment descriptor that only a
> person playing role X can invoke method Y.  But the specification says
> nothing about how to tie a caller to a role, yes?

Yes.

That's up to the implementation.

For example, Tomcat (Servlet engine, but same API) will use an XML
document to map users to roles.

I'm now working on using LDAP to get the roles list for an
authenticating user.

Your EJB server might support either model, PAM, NDS, etc.

arkin

>
> Could someone kindly point to what I'm missing?  Or is this another of
> those wonderful "container dependent" teeth-gnashing sections?
>
> Cheers,
> Laird
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".

--
----------------------------------------------------------------------
Assaf Arkin                                           www.exoffice.com
CTO, Exoffice Technologies, Inc.                        www.exolab.org
