Given a security-related deployment descriptor tag, identify correct and incorrect statements and code related to that tag.

The following example illustrates security role definitions (made by the Application Assembler) in a deployment descriptor:


<assembly-descriptor>

	<security-role>
		<description>
			This role includes the employees of the
			enterprise who are allowed to access the
			employee self-service application. This role
			is allowed only to access his/her own
			information.
		</description>
		<role-name>employee</role-name>
	</security-role>

	<security-role>
		<description>
			This role includes the employees of the human
			resources department. The role is allowed to
			view and update all employee records.
		</description>
		<role-name>hr-department</role-name>
	</security-role>

	<security-role>
		<description>
			This role includes the employees of the payroll
			department. The role is allowed to view and
			update the payroll entry for any employee.
		</description>
		<role-name>payroll-department</role-name>
	</security-role>

	<security-role>
		<description>
			This role should be assigned to the personnel
			authorized to perform administrative functions
			for the employee self-service application.
			This role does not have direct access to
			sensitive employee and payroll information.
		</description>
		<role-name>admin</role-name>
	</security-role>

</assembly-descriptor>

					

The following example illustrates how an enterprise bean's references to security roles are declared in the deployment descriptor (by the Bean Provider):


<enterprise-beans>
	...
	<entity>
		<ejb-name>AardvarkPayroll</ejb-name>
		<ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
		...
		<security-role-ref>
			<description>
				This security role should be assigned to the
				employees of the payroll department who are
				allowed to update employees' salaries.
			</description>
			<role-name>payroll</role-name>
		</security-role-ref>
		...
	</entity>
	...
</enterprise-beans>

					
The deployment descriptor above indicates that the enterprise bean AardvarkPayroll makes the security check using isCallerInRole("payroll") in its business method.

The following deployment descriptor example shows how the Application Assembler links the security role reference named payroll to the security role named payroll-department:


<entity>
	<ejb-name>AardvarkPayroll</ejb-name>
	<ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
	...
	<security-role-ref>
		<description>
			This role should be assigned to the
			employees of the payroll department.
			Members of this role have access to
			anyone's payroll record.
			The role has been linked to the
			payroll-department role.
		</description>
		<role-name>payroll</role-name>
		<role-link>payroll-department</role-link>
	</security-role-ref>
	...
</entity>

					

The following example illustrates how security roles are assigned method permissions (by the Application Assembler) in the deployment descriptor:


<assembly-descriptor>
	<method-permission>
		<role-name>employee</role-name>
		<method>
			<ejb-name>EmployeeService</ejb-name>
			<method-name>*</method-name>
		</method>
	</method-permission>

	<method-permission>
		<role-name>employee</role-name>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>findByPrimaryKey</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>getEmployeeInfo</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>updateEmployeeInfo</method-name>
		</method>
	</method-permission>

	<method-permission>
		<role-name>payroll-department</role-name>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>findByPrimaryKey</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>getEmployeeInfo</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>updateEmployeeInfo</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>updateSalary</method-name>
		</method>
	</method-permission>

	<method-permission>
		<role-name>admin</role-name>
		<method>
			<ejb-name>EmployeeServiceAdmin</ejb-name>
			<method-name>*</method-name>
		</method>
	</method-permission>
</assembly-descriptor>
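
A consistency check for the role names used across the descriptor fragments above, as an added example that is not part of the original study guide: it flags a role-link or method-permission role-name that matches no security-role, and a security-role-ref that has no role-link. The function name check_roles, the finding labels and the sample descriptor are constructed for illustration, and the code assumes an EJB 2.0 DTD-style descriptor without XML namespaces.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (EJB 2.0 style, no namespace) with three deliberate errors.
SAMPLE = """<ejb-jar>
 <enterprise-beans>
  <entity>
   <ejb-name>AardvarkPayroll</ejb-name>
   <security-role-ref>
    <role-name>payroll</role-name>
    <role-link>payroll-dept</role-link>
   </security-role-ref>
   <security-role-ref><role-name>auditor</role-name></security-role-ref>
  </entity>
 </enterprise-beans>
 <assembly-descriptor>
  <security-role><role-name>employee</role-name></security-role>
  <security-role><role-name>payroll-department</role-name></security-role>
  <method-permission>
   <role-name>hr-department</role-name>
   <method><ejb-name>AardvarkPayroll</ejb-name><method-name>updateSalary</method-name></method>
  </method-permission>
 </assembly-descriptor>
</ejb-jar>"""

def _text(el, tag):
    return (el.findtext(tag) or "").strip()

def check_roles(descriptor_xml):
    """Return (kind, ejb_name_or_None, role) for every role-name inconsistency."""
    root = ET.fromstring(descriptor_xml)
    # Roles actually declared with <security-role> in the assembly descriptor.
    defined = {_text(r, "role-name") for r in root.iter("security-role")}
    findings = []
    for bean in list(root.iter("session")) + list(root.iter("entity")):
        for ref in bean.findall("security-role-ref"):
            link = _text(ref, "role-link")
            if not link:  # name used in isCallerInRole() is not linked to any role
                findings.append(("unlinked-ref", _text(bean, "ejb-name"), _text(ref, "role-name")))
            elif link not in defined:  # role-link names a role that is not declared
                findings.append(("dangling-link", _text(bean, "ejb-name"), link))
    for perm in root.iter("method-permission"):
        for role in perm.findall("role-name"):
            name = (role.text or "").strip()
            if name not in defined:  # permission granted to an undeclared role
                findings.append(("undefined-permission-role", None, name))
    return findings

if __name__ == "__main__":
    for finding in check_roles(SAMPLE):
        print(finding)
```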

					

The following example illustrates the definition of a security identity in the deployment descriptor (by the Application Assembler):


<enterprise-beans>

	<entity>
		<ejb-name>Account</ejb-name>
		......
		<security-identity>
			<description>security description</description>
			<run-as>
				<description>role 'accountRole' description</description>
				<role-name>accountRole</role-name> 
			</run-as>
		</security-identity>
	</entity>

	<entity>
		<ejb-name>Customer</ejb-name>
		......
		<security-identity>
			<use-caller-identity/> 
		</security-identity>
	</entity>

</enterprise-beans>

					
NOTE: use-caller-identity cannot be used for message-driven beans.
