
Given a security-related deployment descriptor tag, identify correct and incorrect statements and code related to that tag.
Posted on: April 18, 2011 at 12:00 AM

The following example illustrates a security role definition (made by the Application Assembler) in a deployment descriptor:


<assembly-descriptor>

	<security-role>
		<description>
			This role includes the employees of the
			enterprise who are allowed to access the
			employee self-service application. This role
			is allowed only to access his/her own
			information.
		</description>
		<role-name>employee</role-name>
	</security-role>

	<security-role>
		<description>
			This role includes the employees of the human
			resources department. The role is allowed to
			view and update all employee records.
		</description>
		<role-name>hr-department</role-name>
	</security-role>

	<security-role>
		<description>
			This role includes the employees of the payroll
			department. The role is allowed to view and
			update the payroll entry for any employee.
		</description>
		<role-name>payroll-department</role-name>
	</security-role>

	<security-role>
		<description>
			This role should be assigned to the personnel
			authorized to perform administrative functions
			for the employee self-service application.
			This role does not have direct access to
			sensitive employee and payroll information.
		</description>
		<role-name>admin</role-name>
	</security-role>

</assembly-descriptor>


The following example illustrates how an enterprise bean's references to security roles are declared in the deployment descriptor (defined by the Bean Provider):


<enterprise-beans>
	...
	<entity>
		<ejb-name>AardvarkPayroll</ejb-name>
		<ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
		...
		<security-role-ref>
			<description>
				This security role should be assigned to the
				employees of the payroll department who are
				allowed to update employees' salaries.
			</description>
			<role-name>payroll</role-name>
		</security-role-ref>
		...
	</entity>
	...
</enterprise-beans>

The deployment descriptor above indicates that the enterprise bean AardvarkPayroll makes a security check using isCallerInRole("payroll") in its business methods; the security-role-ref declares the role name the code uses so that the Application Assembler can link it to an actual security role.

The following deployment descriptor example shows how the Application Assembler links the security role reference named payroll to the security role named payroll-department:


<entity>
	<ejb-name>AardvarkPayroll</ejb-name>
	<ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
	...
	<security-role-ref>
		<description>
			This role should be assigned to the
			employees of the payroll department.
			Members of this role have access to
			anyone's payroll record.
			The role has been linked to the
			payroll-department role.
		</description>
		<role-name>payroll</role-name>
		<role-link>payroll-department</role-link>
	</security-role-ref>
	...
</entity>


The following example illustrates how security roles are assigned method permissions (by the Application Assembler) in the deployment descriptor; a method-name of * covers every method of the named bean:


<assembly-descriptor>
	<method-permission>
		<role-name>employee</role-name>
		<method>
			<ejb-name>EmployeeService</ejb-name>
			<method-name>*</method-name>
		</method>
	</method-permission>

	<method-permission>
		<role-name>employee</role-name>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>findByPrimaryKey</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>getEmployeeInfo</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>updateEmployeeInfo</method-name>
		</method>
	</method-permission>

	<method-permission>
		<role-name>payroll-department</role-name>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>findByPrimaryKey</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>getEmployeeInfo</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>updateEmployeeInfo</method-name>
		</method>
		<method>
			<ejb-name>AardvarkPayroll</ejb-name>
			<method-name>updateSalary</method-name>
		</method>
	</method-permission>

	<method-permission>
		<role-name>admin</role-name>
		<method>
			<ejb-name>EmployeeServiceAdmin</ejb-name>
			<method-name>*</method-name>
		</method>
	</method-permission>
</assembly-descriptor>


The following example illustrates the definition of a security identity (the security-identity element) in the deployment descriptor (by the Application Assembler). A bean either runs with the caller's identity (use-caller-identity) or with a fixed role (run-as):


<enterprise-beans>

	<entity>
		<ejb-name>Account</ejb-name>
		......
		<security-identity>
			<description>security description</description>
			<run-as>
				<description>role 'accountRole' description</description>
				<role-name>accountRole</role-name> 
			</run-as>
		</security-identity>
	</entity>

	<entity>
		<ejb-name>Customer</ejb-name>
		......
		<security-identity>
			<use-caller-identity/> 
		</security-identity>
	</entity>

</enterprise-beans>

NOTE: use-caller-identity cannot be used for message-driven beans, because a message-driven bean has no client caller whose identity could be propagated; if a security identity is specified for one, it must be run-as.
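The consistency rules implied by the elements above (every role-link must name a declared security-role, every method-permission role must be declared, use-caller-identity is not allowed on a message-driven bean) are easy to get wrong by hand in a large ejb-jar.xml. The following Python script is an added example, not code from this guide or from java.boot.by: it parses a constructed descriptor stitched together from the fragments on this page (with three deliberate mistakes), resolves a coded role name through role-link, computes which roles may call a given method, and reports the inconsistencies. It assumes a descriptor without an XML namespace and the standard EJB 2.x element names.

```python
"""Audit the security elements of an EJB 2.x ejb-jar.xml (added example).

SAMPLE_EJB_JAR_XML is a constructed descriptor based on the fragments in the
guide above; it deliberately contains three mistakes for audit() to report."""
import xml.etree.ElementTree as ET

SAMPLE_EJB_JAR_XML = """<ejb-jar>
  <enterprise-beans>
    <entity>
      <ejb-name>AardvarkPayroll</ejb-name>
      <security-role-ref>
        <role-name>payroll</role-name>
        <role-link>payroll-department</role-link>
      </security-role-ref>
      <security-role-ref>
        <role-name>auditor</role-name>
      </security-role-ref>
      <security-identity><use-caller-identity/></security-identity>
    </entity>
    <entity>
      <ejb-name>Account</ejb-name>
      <security-identity><run-as><role-name>accountRole</role-name></run-as></security-identity>
    </entity>
    <message-driven>
      <ejb-name>PayrollListener</ejb-name>
      <security-identity><use-caller-identity/></security-identity>
    </message-driven>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>employee</role-name></security-role>
    <security-role><role-name>payroll-department</role-name></security-role>
    <security-role><role-name>accountRole</role-name></security-role>
    <method-permission>
      <role-name>employee</role-name>
      <method><ejb-name>AardvarkPayroll</ejb-name><method-name>getEmployeeInfo</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>payroll-department</role-name>
      <method><ejb-name>AardvarkPayroll</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>admin</role-name>
      <method><ejb-name>EmployeeServiceAdmin</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""


def _text(elem, tag):
    """Stripped text of the first child named tag, or None if absent."""
    child = elem.find(tag)
    return child.text.strip() if child is not None and child.text else None


def declared_roles(root):
    """Roles the Application Assembler declared under assembly-descriptor/security-role."""
    return {_text(r, "role-name") for r in root.iterfind("assembly-descriptor/security-role")}


def resolve_role_ref(xml_text, ejb_name, ref_name):
    """Map a coded role (the isCallerInRole argument) to the assembler's role via role-link."""
    root = ET.fromstring(xml_text)
    for bean in root.iterfind("enterprise-beans/*"):
        if _text(bean, "ejb-name") != ejb_name:
            continue
        for ref in bean.findall("security-role-ref"):
            if _text(ref, "role-name") == ref_name:
                return _text(ref, "role-link")  # None when the assembler never linked it
    return None


def roles_permitted(xml_text, ejb_name, method_name):
    """Roles granted ejb_name.method_name by method-permission; '*' matches every method."""
    root = ET.fromstring(xml_text)
    allowed = set()
    for perm in root.iterfind("assembly-descriptor/method-permission"):
        roles = [r.text.strip() for r in perm.findall("role-name")]
        for m in perm.findall("method"):
            if _text(m, "ejb-name") == ejb_name and _text(m, "method-name") in ("*", method_name):
                allowed.update(roles)
    return allowed  # empty set: nobody has been granted the method


def audit(xml_text):
    """Return findings for role references, identities and permissions that are inconsistent."""
    root = ET.fromstring(xml_text)
    declared = declared_roles(root)
    findings = []
    for bean in root.iterfind("enterprise-beans/*"):
        name = _text(bean, "ejb-name")
        for ref in bean.findall("security-role-ref"):
            ref_name, link = _text(ref, "role-name"), _text(ref, "role-link")
            if link is None:
                findings.append(f"{name}: security-role-ref '{ref_name}' has no role-link")
            elif link not in declared:
                findings.append(f"{name}: role-link '{link}' is not a declared security-role")
        identity = bean.find("security-identity")
        if identity is not None:
            if bean.tag == "message-driven" and identity.find("use-caller-identity") is not None:
                findings.append(f"{name}: message-driven bean cannot use use-caller-identity")
            run_as = identity.find("run-as")
            run_as_role = _text(run_as, "role-name") if run_as is not None else None
            if run_as is not None and run_as_role not in declared:
                findings.append(f"{name}: run-as role '{run_as_role}' is not a declared security-role")
    for perm in root.iterfind("assembly-descriptor/method-permission"):
        for r in perm.findall("role-name"):
            if r.text.strip() not in declared:
                findings.append(f"method-permission grants undeclared role '{r.text.strip()}'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EJB_JAR_XML):
        print("FINDING:", finding)
    print("payroll ->", resolve_role_ref(SAMPLE_EJB_JAR_XML, "AardvarkPayroll", "payroll"))
```

Run against the sample, the script reports the unlinked auditor reference, the message-driven bean declared with use-caller-identity, and the admin role that appears in a method-permission without a security-role declaration. Real descriptors that carry the EJB 2.1 XML namespace need namespace-qualified paths, and the script does not interpret the unchecked or exclude-list elements, so a method that roles_permitted() reports as granted to nobody may still be deliberately excluded or left unchecked by the assembler.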

Visit http://java.boot.by for updates.
