security DD tags..

 
Ranch Hand
Posts: 1277
Hi all,

I am a bit confused about the <security-role> and <security-role-ref> elements. The main confusion is about which DD tag's values can be used in isCallerInRole(), which are mapped to roles in the environment, etc.

I remember having read in HFSJ that the hard-coded roles in the bean code (java/dd) can be linked to an environment which has different role names, so we do not need to change the code.

Please give me a code (java+dd) scenario so that this can be appreciated for beans. To be specific, I would like these snippets to show how the DD's security tags grow as the code travels through the provider - application assembler - deployer role chain.

Thanks in advance!
 
Ranch Hand
Posts: 342
Now you may use sessionContext.isCallerInRole("SuperUser").
is supplied by the Bean Provider while the rest of the security related tags are set by the Application Assembler.
 
Sheriff
Posts: 14691
Also, instead of using the <security-role-ref> tag, you can use the @DeclareRoles annotation.

(Example from the spec)
 
Niranjan Deshpande
Ranch Hand
Posts: 1277
<role-link> is something that the application assembler decides based on the operational environment. So in this case, "SuperUser" is the application-specific role that is mapped to the "Admin" operational-target-specific role.

Correct?
 
Ralph Jaus
Ranch Hand
Posts: 342
That's correct, Niranjan.

<security-role-ref> corresponds to @DeclareRoles, as Christophe pointed out. However, the possibility to link the String used in isCallerInRole ("SuperUser" in my example) to a specific role in the environment ("Admin") is offered only by the deployment descriptor, not by annotations.
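
The linkage discussed in this thread, as an added example that is not from any of the posters or from the spec: a constructed ejb-jar.xml fragment showing which party contributes each security element. The bean name AccountBean, its class and the method closeAccount are hypothetical; "SuperUser" and "Admin" are the role names used above.

```xml
<!-- Constructed ejb-jar.xml fragment. AccountBean, com.example.AccountBean and
     closeAccount are hypothetical names; SuperUser and Admin come from the thread.
     Bean code (unchanged at every stage):
       if (!sessionContext.isCallerInRole("SuperUser")) { throw new EJBAccessException(); } -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AccountBean</ejb-name>
      <ejb-class>com.example.AccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <security-role-ref>
        <!-- Bean Provider: declares the string hard-coded in isCallerInRole() -->
        <role-name>SuperUser</role-name>
        <!-- Application Assembler: links that string to a role defined below -->
        <role-link>Admin</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Application Assembler: the application's logical roles -->
    <security-role>
      <role-name>Admin</role-name>
    </security-role>
    <!-- Application Assembler: declarative check, no role string in the code -->
    <method-permission>
      <role-name>Admin</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>closeAccount</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
<!-- Deployer: maps the Admin security-role to real users or groups in the
     container's vendor-specific descriptor, which is not shown here. -->
```

With this descriptor, isCallerInRole("SuperUser") is evaluated against the Admin role, so renaming the environment role means editing only the <role-link> and <security-role> entries, not the bean code.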



 
Niranjan Deshpande
Ranch Hand
Posts: 1277
I got it! Thanks guys!
 