The intended meaning is (we will update the text before the EJB spec is finalized):
An EJB container must be capable of deploying enterprise beans
that require the exact set of security permissions (no more, no less) as specified
in the EJB spec. Some container products will allow the set to be configurable,
providing
some enterprise beans with more or fewer permissions than those specified
in the spec.
Therefore, portable enterprise beans must assume that the container supports
the exact permissions set described in the EJB spec.
Vlada
PS: Note that there is no security permission JDK to disallow an enterprise bean to
start a new thread. Therefore, we currently do not require that an EJB container be
capable
of enforcing the rule that an enterprise bean must not start a new thread. We are
looking
into a solution that would allow the container to enforce this rule.
----- Original Message -----
From: David Lowe <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 13, 1999 10:04 AM
Subject: [Fwd: EJB and threads]
> Can someone from Sun publicly clarify this?
>
> My reading is different than Rickard's. I believe "must" vs. "should"
> is used intentionally in the specification:
>
> "The term 'grant' means the Container must be able to grant the
> permission, the term 'deny' means the Container should deny the
> permission".
>
> .. which would indicate that Containers should, but not must, deny these
> operations to application programmers.
>
> This is reenforced by the statements such as "The Container is allowed
> to make certain JDK1.1 functionality unavailable to the enterprise bean
> instances by using the JDK security manager mechanism".
>
> Sounds like recommended, but not mandated, Container functionality to
> me.
> thanks,
> -- dave
>
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
