geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Cabrera <Alan.Cabr...@reuters.com>
Subject RE: securiy role mapping in openejb-jar.xml ?
Date Thu, 02 Sep 2004 14:54:57 GMT


> -----Original Message-----
> From: Prem kalyan [mailto:prem.kalyan@gmail.com]
> 
> On Thu, 02 Sep 2004 10:22:03 -0400, Alan Cabrera
> <alan.cabrera@reuters.com> wrote:
> >
> >
> > > -----Original Message-----
> > > From: Prem kalyan [mailto:prem.kalyan@gmail.com]
> > > Sent: Thursday, September 02, 2004 10:04 AM
> > > To: user@geronimo.apache.org; dev@geronimo.apache.org
> > > Subject: securiy role mapping in openejb-jar.xml ?
> > >
> > > hi all,
> > >
> > >          I have few questions on security role mappings. Before
that i
> > > want to put my understanding about security mappings.If there is
> > > anything wrong in my understanding please let me know.
> > >
> > >         I think ,
> > >
> > > 1 . In ejb-jar.xml  we declare  security roles in <security-role>
> > tags.
> > >
> > > 2 . In ejb-jar we specify which methods are accessed by which
roles
> > > using <role-name> in <method-permission>.
> > >
> > > 3 . In openejb-jar.xml we asscocite principals to security roles ,
by
> > > this we are allowing
> > > all the principals in a role to access those methods which the
role
> > can
> > > access .
> >
> > So far so good.
> >
> >
> > > Qn :-
> > >
> > >         Why role mappings is part of each EJB.Since we already
defined
> > > what permissions does each role have on each ejb(using
> > > <method-permissions>) why doing it here again.
> > >
> > >         Isn't it  sifficient to map principals to roles in
> > openejb.jar?
> > >
> >
> > This level of indirection allows you to take your beans and use them
in
> > an application server of another vendor, e.g. WebLogic.  The mapping
of
> > principals to roles is an OpenEJB specific mechanism, hence it is in
the
> > openejb-jar.xml file.
> >
> Alan still my question is not answered or i haven't got ur point
> 
>     I got why  role mapping have to be  inside openejb-jar.xml .
> 
>     but why it has to  inside every EJB in openejb-jar.xml.
> 
>     if i have 10 beans do i have to declare my role mapping in each
> and every bean.
> 
>     Aren't role mappings independent of ejb security. I mean we define
> the ejb security in method-permissions using role names.And role
> mappings is just to bind principals with a role names.

If you only declare the principal to role mappings once, regardless of
the number of beans in your jar.


Regards,
Alan





-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit http://www.reuters.com/messaging

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.


Mime
View raw message