posted 15 years ago
Hi,
I was practising using Enthuware's EJB+ v5 suite for SCBCD 5 when the following explanation seemed doubtful to me. Any clarification will be appreciated.
"security-role: These are the logical roles that are available to the application. Since these are application specific, these are specified by the application assembler in the deployment descriptor. Also, since these are provided by the application assembler, the application assembler also has the responsibility of mapping security-role-ref to the security-role. Further, since the application assembler knows the business logic, she also specifies which bean methods can be called by which role using the <method-permission> tags."
Is the bold statement correct? Is the assembler expected to know business logic?
[ August 18, 2008: Message edited by: Abhijit Sarkar ]