
security DD tags..

Niranjan Deshpande
Ranch Hand

Joined: Oct 16, 2005
Posts: 1277
Hi all,

I am a bit confused about the <security-role> and <security-role-ref> elements. The main confusion is about which DD tags' values can be used in isCallerInRole(), which are mapped to roles in the environment, etc.

I remember having read in HFSJ that the hard-coded roles in the bean code (java/dd) can be linked to an environment which has different role names, so we do not need to change the code.

Please give me a code (java+dd) scenario so that this can be appreciated for beans. To be specific, I would like these snippets to show how the DD's security tags grow as the code travels through the provider-appn assembler-deployer role chain.

Thanks in advance!


SCJP 1.4 - 95% [ My Story ] - SCWCD 1.4 - 91% [ My Story ]
Performance is a compulsion, not an option, if my existence is to be justified.
Ralph Jaus
Ranch Hand

Joined: Apr 27, 2008
Posts: 342
Now you may use sessionContext.isCallerInRole("SuperUser").
is supplied by the Bean Provider while the rest of the security related tags are set by the Application Assembler.


SCJP 5 (98%) - SCBCD 5 (98%)
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    

Also, instead of using the <security-role-ref> tag, you can use the @DeclareRoles annotation.

(Example from the spec)


[My Blog]
All roads lead to JavaRanch
Niranjan Deshpande
Ranch Hand

Joined: Oct 16, 2005
Posts: 1277
<role-link> is something that the application assembler decides based on the operational environment. So in this case, "SuperUser" is the application-specific role that is mapped to the "Admin" operational-target-specific role.

Correct?
Ralph Jaus
Ranch Hand

Joined: Apr 27, 2008
Posts: 342
That's correct, Niranjan.

<security-role-ref> corresponds to @DeclareRoles, as Christophe pointed out. However, the possibility to link the String used in isCallerInRole ("SuperUser" in my example) to a specific role in the environment ("Admin") is offered only by the deployment descriptor, not by annotations.
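
The linkage discussed in this thread, written out as an added example that is not part of any poster's reply: an EJB 3.0 `ejb-jar.xml` fragment showing which role each security tag belongs to. The bean name `AccountBean` and the method `closeAccount` are hypothetical; `SuperUser` and `Admin` are the names used in the posts above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration; AccountBean and closeAccount are hypothetical names. -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <enterprise-beans>
    <session>
      <ejb-name>AccountBean</ejb-name>

      <!-- Bean Provider: declares the string hard-coded in the bean,
           i.e. the argument of sessionContext.isCallerInRole("SuperUser").
           The provider supplies <role-name> only. -->
      <security-role-ref>
        <description>Role name referenced in AccountBean code</description>
        <role-name>SuperUser</role-name>

        <!-- Application Assembler: links the coded name to a security role
             defined in <assembly-descriptor> below. The bean code keeps
             saying "SuperUser" and is not recompiled. -->
        <role-link>Admin</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Application Assembler: defines the application's security roles.
         The <role-link> value above must match one of these names. -->
    <security-role>
      <description>Administrators of the application</description>
      <role-name>Admin</role-name>
    </security-role>

    <!-- Application Assembler: declarative access control uses the
         <security-role> name, not the coded reference name. -->
    <method-permission>
      <role-name>Admin</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>closeAccount</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>

  <!-- Deployer: maps the security role Admin to real users or groups with
       the container's own vendor-specific tooling; that mapping is not
       part of ejb-jar.xml. -->
</ejb-jar>
```

With this descriptor, `isCallerInRole("SuperUser")` returns true for a caller the container has placed in the `Admin` security role.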



Niranjan Deshpande
Ranch Hand

Joined: Oct 16, 2005
Posts: 1277
I got it! Thanks guys!
 