Hi all,
I've asked about @SecurityRole and @SecurityIdentity at
http://groups.yahoo.com/group/jsr181/ moderated by JSR-181
spec leaders.
I received a reply right before. It says "@SecurityRole and
@SecurityIdentity will be removed in the final draft of JSR-181."
hm...
Just let you all know.
Thanks in advance.
Wolfgang
THe original messages are as follows.
> In this context, resource is any other container managed service
> that requires a security role to be accessed.
>
> Ex.
>
> @SecurityIdentity("foo")
> public class MyService()
> {
> //...
> }
>
> If MySerivce calls EJB YourService, it should use foo instead of the
> original caller for security authorization.
>
> FYI,
>
> @SecurityRole and @SecurityIdentity will be removed in the final
> draft of 181. These annotations will be covered in jsr 250 ・Common
> Annotations.
>
> Brian
>
> --- In [EMAIL PROTECTED], wolfgang <[EMAIL PROTECTED]> wrote:
> > Hi experts of JSR-181,
> >
> > I've been working on implemetation of SecurityRoles
> > and SecurityIdentity annotations for Apache-Beehive
> > project.
> > (Actually, I've finished implementing
> > SecurityRoles.rolesAllowed. )
> >
> > The use cases of SecurityRoles.rolesReferenced and
> > SecurityIdentity annotation are not clear to me.
> >
> > The JSR-181 spec explains
> > SecurityRoles.rolesReferenced as
> > "The Web Service may access other resources using the
> > credentials of the roles listed."
> > and SecurityIdentity as
> > "A Web Service that includes this member-value
> > assumes the permission-level of the role specified and
> > may access other resources accordingly."
> >
> > Those explanations mention "other resources", but what
> > kind of resources are involved ?
> > I want to ask a clarification of those two
> > annotations.
> >
> > Thanks in advance.
> >
> > Wolfgang
> >
> >
