HF EJB question 1 page 593

 
Li Xin
Ranch Hand
Posts: 37
Can someone explain what is meant by bypassing the security authorization? Why is answer E incorrect?
Thanks.
 
Victor Lar
Greenhorn
Posts: 7
I think they meant using the <unchecked/> tag, and it is defined for classes, not for instances.
 
pradeep arum
Ranch Hand
Posts: 130
Yeah, I think the same too... because the authorisation is done on a method-by-method basis in the deployment descriptor... where bypass means to avoid any authorisation... can be done only by using the <unchecked/> tag inside the <method-permission> tag
thanks
Pradeep
 
Vince Hon
Ranch Hand
Posts: 117
I have 2 questions:

1.
bypass means to avoid any authorisation... can be done only by using the <unchecked/> tag inside the <method-permission> tag


In my real-life EJB running on JBoss, I don't have any <method-permission>.

If I didn't declare any <method-permission> in the ejb-jar.xml, will the security authorization be bypassed on a method?


2. Refer to option E of the question:
E "Security authorization can be bypassed on an instance by instance basis". --> false

What does it mean?
As far as I know, security authorization on an instance basis can be done programmatically ( ctx.getCallerPrincipal() ). If I do not do it programmatically, the security authorization can be bypassed, is that right?
If yes, why is option E false?

Thx
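
The descriptor elements discussed in this thread, placed in a constructed ejb-jar.xml and audited with a short Python script; this is an added example, not part of the original posts. The bean, role and method names and the function audit_method_permissions are hypothetical, and beans that no <method-permission> mentions are only listed for review.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (DOCTYPE omitted); all names are hypothetical.
SAMPLE_EJB_JAR = """
<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>AccountBean</ejb-name></session>
    <session><ejb-name>ReportBean</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>teller</role-name></security-role>
    <method-permission>
      <role-name>teller</role-name>
      <method><ejb-name>AccountBean</ejb-name><method-name>withdraw</method-name></method>
    </method-permission>
    <method-permission>
      <unchecked/>
      <method><ejb-name>AccountBean</ejb-name><method-name>getBalance</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""

def audit_method_permissions(descriptor_xml):
    """Sort descriptor entries into role-checked, unchecked and unassigned."""
    root = ET.fromstring(descriptor_xml)
    beans = {e.text.strip() for e in root.findall("./enterprise-beans/*/ejb-name")}
    report = {"checked": [], "unchecked": [], "unassigned_beans": []}
    covered = set()
    for perm in root.iter("method-permission"):
        roles = sorted(r.text.strip() for r in perm.findall("role-name"))
        for method in perm.findall("method"):
            bean = method.findtext("ejb-name").strip()
            name = method.findtext("method-name").strip()
            covered.add(bean)
            # "is not None" is required: an empty element is falsy in ElementTree
            if perm.find("unchecked") is not None:
                # <unchecked/> is attached to a method entry, not to an instance
                report["unchecked"].append((bean, name))
            else:
                report["checked"].append((bean, name, roles))
    # Beans that no <method-permission> mentions: reported for review only
    report["unassigned_beans"] = sorted(beans - covered)
    return report
```
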
 