This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes HF EJB question 1 page 593 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "HF EJB question 1 page 593" Watch "HF EJB question 1 page 593" New topic

HF EJB question 1 page 593

Li Xin
Ranch Hand

Joined: Feb 06, 2004
Posts: 37
Can someone explain what does it mean by bypassing the security authorization? Why answer E is incorrect?
Victor Lar

Joined: Feb 20, 2004
Posts: 7
I think they meant using <unchecked/> tag and it is defined for classes not for instances.
pradeep arum
Ranch Hand

Joined: Oct 01, 2003
Posts: 130
yeah I think the same too...because the authorisation is done on a method by method basis in the deployment descriptor ...where bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag

Failure is not when you fall down; its only when you fail to get up again.
Vince Hon
Ranch Hand

Joined: Feb 11, 2003
Posts: 117
I have 2 questions:

bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag

In my real life ejb running on jboss, I don't have any <method-permissions>.

If I didn't declare any <method-permissions> in the ejb-jar.xml, will the security authorization bypassed on a method ?

2. refer to option E of the questions:
E "Security authorization can be bypassed on an instance by instance basis". --> false

What does it mean ?
As far as I know, security authroziation on instance basis can be done programmatically ( ctx.getCallerPricipal() ). If I not do it programatically, the security authorization can be bypassed, is it right ?
If yes, why option E is false.


Vince Hon<br /> <br />SCJP 1.4 | SCWCD | SCBCD <br /><a href="" target="_blank" rel="nofollow"></a>
Have you checked out Aspose?
subject: HF EJB question 1 page 593
It's not a secret anymore!