• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security Question

 
Ranch Hand
Posts: 757
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This Question is from WhizLabs:

Question: The bean deployer is responsible for defining the method permission of an enterprise bean. Is this True or False?

Given Answer is : False


Given Explanation

WhizLabs wrote:The method permission is used to define the permissions to call a method or a group of methods of an enterprise bean. The bean deployer or the application assembler is responsible for defining the method permissions for each security role.



Very confused with this. The explanation says bean deployer or the application assembler is responsible for defining the method permissions, but the given answer is 'false'. Whats wrong with this?
 
Ranch Hand
Posts: 342
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I guess they mean "bean provider or application assembler".
 
Ranch Hand
Posts: 856
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, these are the bean provider or application assembler, roles who can provide method permissions.

there is a simple funda that i have made for myself- as DD and delpoyer. Both have 'D' in common with each other. So they repel each other. which means deployer can't do modifications in Deployment descriptor. This is i have seen as a key to remember.
 
Ralph Jaus
Ranch Hand
Posts: 342
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Amandeep,

nice to hear from you again.

which means deployer can't do modifications in Deployment descriptor


That's wrong. Usually the deployer is allowed to modify the deployment descriptor. Some extracts from core spec:

(17.4.5) The deployer can use the security view defined in the deployment descriptor by the Bean Provider and Application Assembler merely as "hints" and may change the information whenever necessary to adopt the security policy to the operational environment.


(13.5) The deployer is permitted to override or change the values of trsansaction attributes at deployment time.


(16.3.3) The deployer can modify the values of the environment entries that have been perviously set by the Bean Provider and/or Application Assembler, and must set the values of those environment entries for which no value has been specified.



I think the topic "ejb roles" is somewhat confusing due to some overlapping of the tasks / responsibilities of the bean provider, application assembler and deployer roles. But Enthuware has a number of good questions and explanations concerning ejb roles. It's good and enough to rember these for the exam.
 
Treimin Clark
Ranch Hand
Posts: 757
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Ralph and Amandeep
 
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agreed that the bean deployer can modify DD, otherwise this role will be almost meaningless.
 
Amandeep Singh
Ranch Hand
Posts: 856
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ralph Jaus wrote:Hi Amandeep,

nice to hear from you again.

which means deployer can't do modifications in Deployment descriptor


That's wrong. Usually the deployer is allowed to modify the deployment descriptor. Some extracts from core spec:

(17.4.5) The deployer can use the security view defined in the deployment descriptor by the Bean Provider and Application Assembler merely as "hints" and may change the information whenever necessary to adopt the security policy to the operational environment.


(13.5) The deployer is permitted to override or change the values of trsansaction attributes at deployment time.


(16.3.3) The deployer can modify the values of the environment entries that have been perviously set by the Bean Provider and/or Application Assembler, and must set the values of those environment entries for which no value has been specified.



I think the topic "ejb roles" is somewhat confusing due to some overlapping of the tasks / responsibilities of the bean provider, application assembler and deployer roles. But Enthuware has a number of good questions and explanations concerning ejb roles. It's good and enough to rember these for the exam.




This thing is always typical, the deployer uses container tools to edit the dd. So wherever you see question, deployer editing the dd. There are maximum chances that option is wrong.

This statement is from Enthuware.

Typically, the deployer does not have to specify anything in the deployment descritpor. A deployer uses container tools to create or make available the roles specified in <security-role> elements.


this statement is not only limited to security roles, it can apply to Environment entries or transaction attributes.
In these days, almost every applicaton server or container provider provides tools for Deployer to do above changes. Again, deployer do not touches deployment descrpitor directly but indirectly through container tools.
But nothing will stop him, from using directly. Again so it's a kind of spec. to do it indirectly.

Hope so it makes sense.
 
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i think the error is in the question.
it should be "the bean provider".
The bean deployer or the application assembler
usually defines roles in the DD.
(though it's not entirely correct, programmatic
authorization can be done only by bean provider)
 
Hong Anderson
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Amandeep Singh wrote:
This statement is from Enthuware.

Typically, the deployer does not have to specify anything in the deployment descritpor. A deployer uses container tools to create or make available the roles specified in <security-role> elements.


this statement is not only limited to security roles, it can apply to Environment entries or transaction attributes.
In these days, almost every applicaton server or container provider provides tools for Deployer to do above changes. Again, deployer do not touches deployment descrpitor directly but indirectly through container tools.
But nothing will stop him, from using directly. Again so it's a kind of spec. to do it indirectly.

Hope so it makes sense.


Thanks for info, to me in essence it's the same thing, it's editing.
 
Did you just should on me? You should read this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic