The administration of users and roles is in the administrative domain.
At this point, J2EE does not specify API's in this area. Applications
that wish to manage this information must do this using container
specific API's.
This has been listed on the J2EE 1.3 JSR as an area of future interest.
Laird Nelson wrote:
>
> Shiv Kumar wrote:
> > According to the requirements, we should allow the User to create roles dynamically
> > (something like a CREATE ROLE in Oracle). So, what we were planning was to define
>and
> > document a set of Permissions and their meaning. The user could then give a role
>name
> > and check all the permissions applicable for that role.
> >
> > How is this possible using EJBs?
>
> I don't think it is. Your deployment descriptor, which is of course
> static, defines what roles various methods on various beans will run
> as. Apart from that, the only specification APIs you have to work with
> are queries: isCallerInRole() and getCallerPrincipal(). Note that there
> is no setCallerPrincipal(), or addRoleToPrincipal(), or anything like
> that.
>
> In theory there is a way to get a servlet container that adheres to the
> 2.3 specification to magically create new Principals, but even in that
> specification there is no way to create and/or modify role assignments.
>
> (It's my general belief in authoring specifications that you are
> obligated to either provide both read and write capabilities on
> specification entities (such as roles, principals, etc.) or explain
> thoroughly why you chose to specify, e.g., only read-only APIs. EJB 1.1
> does not do this.)
>
> Cheers,
> Laird
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
