geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prem kalyan <prem.kal...@gmail.com>
Subject Re: securiy role mapping in openejb-jar.xml ?
Date Thu, 02 Sep 2004 17:08:30 GMT
thanx Alan,

           I have small question. Just out of curiosity, i may be wrong

On Thu, 02 Sep 2004 10:54:57 -0400, Alan Cabrera
<alan.cabrera@reuters.com> wrote:
> 
> 
> > -----Original Message-----
> > From: Prem kalyan [mailto:prem.kalyan@gmail.com]
> >
> > On Thu, 02 Sep 2004 10:22:03 -0400, Alan Cabrera
> > <alan.cabrera@reuters.com> wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Prem kalyan [mailto:prem.kalyan@gmail.com]
> > > > Sent: Thursday, September 02, 2004 10:04 AM
> > > > To: user@geronimo.apache.org; dev@geronimo.apache.org
> > > > Subject: securiy role mapping in openejb-jar.xml ?
> > > >
> > > > hi all,
> > > >
> > > >          I have few questions on security role mappings. Before
> that i
> > > > want to put my understanding about security mappings.If there is
> > > > anything wrong in my understanding please let me know.
> > > >
> > > >         I think ,
> > > >
> > > > 1 . In ejb-jar.xml  we declare  security roles in <security-role>
> > > tags.
> > > >
> > > > 2 . In ejb-jar we specify which methods are accessed by which
> roles
> > > > using <role-name> in <method-permission>.
> > > >
> > > > 3 . In openejb-jar.xml we asscocite principals to security roles ,
> by
> > > > this we are allowing
> > > > all the principals in a role to access those methods which the
> role
> > > can
> > > > access .
> > >
> > > So far so good.
> > >
> > >
> > > > Qn :-
> > > >
> > > >         Why role mappings is part of each EJB.Since we already
> defined
> > > > what permissions does each role have on each ejb(using
> > > > <method-permissions>) why doing it here again.
> > > >
> > > >         Isn't it  sifficient to map principals to roles in
> > > openejb.jar?
> > > >
> > >
> > > This level of indirection allows you to take your beans and use them
> in
> > > an application server of another vendor, e.g. WebLogic.  The mapping
> of
> > > principals to roles is an OpenEJB specific mechanism, hence it is in
> the
> > > openejb-jar.xml file.
> > >
> > Alan still my question is not answered or i haven't got ur point
> >
> >     I got why  role mapping have to be  inside openejb-jar.xml .
> >
> >     but why it has to  inside every EJB in openejb-jar.xml.
> >
> >     if i have 10 beans do i have to declare my role mapping in each
> > and every bean.
> >
> >     Aren't role mappings independent of ejb security. I mean we define
> > the ejb security in method-permissions using role names.And role
> > mappings is just to bind principals with a role names.
> 
> If you only declare the principal to role mappings once, regardless of
> the number of beans in your jar.

                 Then why role-mapping entries part of ejb.Won't it be
nice to have it outside EJB's , as an independent entry.If it has
anyother advantage plz let me know


thanx in advance,

                 

> 
> 
> 
> 
> Regards,
> Alan
> 
> -----------------------------------------------------------------
>         Visit our Internet site at http://www.reuters.com
> 
> Get closer to the financial markets with Reuters Messaging - for more
> information and to register, visit http://www.reuters.com/messaging
> 
> Any views expressed in this message are those of  the  individual
> sender,  except  where  the sender specifically states them to be
> the views of Reuters Ltd.
> 
> 


-- 
regards,
prem

Mime
View raw message