This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
yeah I think the same too...because the authorisation is done on a method by method basis in the deployment descriptor ...where bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag thanks Pradeep
Failure is not when you fall down; its only when you fail to get up again.
bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag
In my real life ejb running on jboss, I don't have any <method-permissions>.
If I didn't declare any <method-permissions> in the ejb-jar.xml, will the security authorization bypassed on a method ?
2. refer to option E of the questions: E "Security authorization can be bypassed on an instance by instance basis". --> false
What does it mean ? As far as I know, security authroziation on instance basis can be done programmatically ( ctx.getCallerPricipal() ). If I not do it programatically, the security authorization can be bypassed, is it right ? If yes, why option E is false.