geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prem kalyan <>
Subject securiy role mapping in openejb-jar.xml ?
Date Thu, 02 Sep 2004 14:03:37 GMT
hi all,

         I have few questions on security role mappings. Before that i
want to put my understanding about security mappings.If there is
anything wrong in my understanding please let me know.

        I think ,

1 . In ejb-jar.xml  we declare  security roles in <security-role> tags.

2 . In ejb-jar we specify which methods are accessed by which roles
using <role-name> in <method-permission>.

3 . In openejb-jar.xml we asscocite principals to security roles , by
this we are allowing
all the principals in a role to access those methods which the role can access .

Qn :-

        Why role mappings is part of each EJB.Since we already defined
what permissions does each role have on each ejb(using
<method-permissions>) why doing it here again.

        Isn't it  sifficient to map principals to roles in openejb.jar?

thanx in advance

View raw message