> 1. Does EJB/J2EE spec provide a mechanism to dynamically create/delete/modify
> Groups and Users? I have been reading about access control lists etc but
> they sound more to me as if the users are defined at compile time. So,
> obviously I can not say method foo() of bean BarBean can be accessed by
> users Tom and Harry at deployment time, because these users do not exist
> when the system is in its initial state.
EJB, or J2EE, does not deal with management of security ACLs. However,
the names that you supply in deployment descriptors should be roles, not
actual usernames. This allows some indirection to be performed at
runtime.
> 2. What is the support for Roles in the spec? In my system, a set of Users
> belong to a single Group, A set of Groups or Users belong to one or more
> Roles. Roles have permissions associated with it. Users or Groups belonging
> to a particular Role have all permissions defined for that Role. How do I
> model this using EJBs? Do I have to write my own Security Subsystem or can
> I rely on JAAS?
Again, whenever you set security restrictions on EJBs you should use
role-names, not user-names.
> 3. Is there a way to have a global properties file from which all the beans
> can pick values from? I know that you can specify environment variables in
> the bean's deployment descriptor. But, if for example, I have the mail
> server IP address, I do not want to duplicate the same property across a
> hundred deployment descriptors I have. Is there a way by which all beans
> can pick up this value from one place?
You could place this in a properties-file, and use it as a resource (see
Class.getResource()), yes.
However, you really should put this in the DD, and you should use a tool
that lets you update it easily. I have written a tool for easy XML-DD
editing (EJX, see www.dreambean.com/ejx.html), but I have not yet added
this feature. I'll do that in the next release (i.e. be able to do "set
the env.entry Foo in all beans to 'Bar'").
> 5. We are maintaining User related information in Netscape Directory Server
> and the rest in a database. Most of the time, an update operation results in
> updating both the directory server and database. What is the best way to
> make sure that all updates happen in a single transaction? Can I use EJB's
> transaction facility to rollback changes made in Directory server?
If you're using JNDI to access the directory server you should be aware
that JNDI is not transactional. Netscape may have added proprietary
support for this, but it is doubtful. This is a really tricky issue, oh
yes.
/Rickard
--
Rickard Öberg
@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.dreambean.com
Question reality
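
The role indirection from the replies to questions 1 and 2, as an added Java example that is not part of the original message and not any container's API: method permissions name a role at deployment time, while users and groups are attached to that role at runtime. The class, the role name `bar-caller` and the group `staff` are hypothetical; `BarBean.foo`, Tom and Harry come from the question, and users and groups share one namespace here for simplicity.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class RoleIndirectionDemo {
    // Deployment-time data: method -> role names allowed to call it.
    private final Map<String, Set<String>> methodRoles = new HashMap<>();
    // Runtime data: editable by an admin tool without touching any descriptor.
    private final Map<String, Set<String>> userGroups = new HashMap<>();  // user -> groups
    private final Map<String, Set<String>> roleMembers = new HashMap<>(); // role -> users/groups

    private static void add(Map<String, Set<String>> m, String key, String value) {
        m.computeIfAbsent(key, k -> new HashSet<>()).add(value);
    }
    void permit(String method, String role)       { add(methodRoles, method, role); }
    void joinGroup(String user, String group)     { add(userGroups, user, group); }
    void grantRole(String principal, String role) { add(roleMembers, role, principal); }
    void removeUser(String user) {
        userGroups.remove(user);
        for (Set<String> members : roleMembers.values()) members.remove(user);
    }
    // A user holds a role directly or through any group the user belongs to.
    boolean isInRole(String user, String role) {
        Set<String> members = roleMembers.getOrDefault(role, Collections.emptySet());
        if (members.contains(user)) return true;
        for (String g : userGroups.getOrDefault(user, Collections.emptySet()))
            if (members.contains(g)) return true;
        return false;
    }
    // Default deny: a method with no role listed is callable by nobody.
    boolean mayCall(String user, String method) {
        for (String role : methodRoles.getOrDefault(method, Collections.emptySet()))
            if (isInRole(user, role)) return true;
        return false;
    }
    public static void main(String[] args) {
        RoleIndirectionDemo s = new RoleIndirectionDemo();
        s.permit("BarBean.foo", "bar-caller");                 // fixed at deployment
        System.out.println(s.mayCall("Tom", "BarBean.foo"));   // Tom does not exist yet
        s.joinGroup("Tom", "staff");                           // user created at runtime
        s.grantRole("staff", "bar-caller");                    // group mapped to the role
        s.grantRole("Harry", "bar-caller");                    // user mapped directly
        System.out.println(s.mayCall("Tom", "BarBean.foo"));   // allowed via group
        System.out.println(s.mayCall("Harry", "BarBean.foo")); // allowed directly
        s.removeUser("Tom");                                   // deleted at runtime
        System.out.println(s.mayCall("Tom", "BarBean.foo"));   // denied again
    }
}
```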