You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Prem kalyan <pr...@gmail.com> on 2004/09/02 16:03:37 UTC

securiy role mapping in openejb-jar.xml ?

hi all,

         I have few questions on security role mappings. Before that i
want to put my understanding about security mappings.If there is
anything wrong in my understanding please let me know.

        I think ,

1 . In ejb-jar.xml  we declare  security roles in <security-role> tags.

2 . In ejb-jar we specify which methods are accessed by which roles
using <role-name> in <method-permission>.

3 . In openejb-jar.xml we asscocite principals to security roles , by
this we are allowing
all the principals in a role to access those methods which the role can access .


Qn :-

        Why role mappings is part of each EJB.Since we already defined
what permissions does each role have on each ejb(using
<method-permissions>) why doing it here again.

        Isn't it  sifficient to map principals to roles in openejb.jar?


thanx in advance
-- 
regards,
prem