wood burning stoves 2.0*
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes HF EJB question 1 page 593 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "HF EJB question 1 page 593" Watch "HF EJB question 1 page 593" New topic
Author

HF EJB question 1 page 593

Li Xin
Ranch Hand

Joined: Feb 06, 2004
Posts: 37
Can someone explain what does it mean by bypassing the security authorization? Why answer E is incorrect?
Thanks.
Victor Lar
Greenhorn

Joined: Feb 20, 2004
Posts: 7
I think they meant using <unchecked/> tag and it is defined for classes not for instances.
pradeep arum
Ranch Hand

Joined: Oct 01, 2003
Posts: 130
yeah I think the same too...because the authorisation is done on a method by method basis in the deployment descriptor ...where bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag
thanks
Pradeep


SCJP1.4,SCBCD
Failure is not when you fall down; its only when you fail to get up again.
Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
I have 2 questions:

1.
bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag


In my real life ejb running on jboss, I don't have any <method-permissions>.

If I didn't declare any <method-permissions> in the ejb-jar.xml, will the security authorization bypassed on a method ?


2. refer to option E of the questions:
E "Security authorization can be bypassed on an instance by instance basis". --> false

What does it mean ?
As far as I know, security authroziation on instance basis can be done programmatically ( ctx.getCallerPricipal() ). If I not do it programatically, the security authorization can be bypassed, is it right ?
If yes, why option E is false.

Thx


Vince Hon<br /> <br />SCJP 1.4 | SCWCD | SCBCD <br /><a href="http://vincehon.homeip.net:8000/VJW" target="_blank" rel="nofollow">http://vincehon.homeip.net:8000/VJW</a>
 
Don't get me started about those stupid light bulbs.
 
subject: HF EJB question 1 page 593