Shiv Kumar wrote:
> According to the requirements, we should allow the User to create roles dynamically
> (something like a CREATE ROLE in Oracle). So, what we were planning was to define and
> document a set of Permissions and their meaning. The user could then give a role name
> and check all the permissions applicable for that role.
>
> How is this possible using EJBs?

I don't think it is. Your deployment descriptor, which is of course
static, defines what roles various methods on various beans will run
as. Apart from that, the only specification APIs you have to work with
are queries: isCallerInRole() and getCallerPrincipal(). Note that there
is no setCallerPrincipal(), or addRoleToPrincipal(), or anything like
that.

In theory there is a way to get a servlet container that adheres to the
2.3 specification to magically create new Principals, but even in that
specification there is no way to create and/or modify role assignments.

(It's my general belief in authoring specifications that you are
obligated to either provide both read and write capabilities on
specification entities (such as roles, principals, etc.) or explain
thoroughly why you chose to specify, e.g., only read-only APIs. EJB 1.1
does not do this.)

Cheers,
Laird
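
Added example, not part of the original message or of any project's code: a session bean restricted to the two query calls named in the reply, with the static descriptor entries it depends on shown in the leading comment. The bean, method, exception and role names are hypothetical.

```java
import java.security.Principal;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

/*
 * Static ejb-jar.xml entries assumed by this bean (hypothetical names):
 *   <security-role-ref>                      (inside the <session> entry)
 *     <role-name>auditor</role-name>         name used in code
 *     <role-link>report-auditor</role-link>  role declared below
 *   </security-role-ref>
 *   <assembly-descriptor>
 *     <security-role><role-name>report-auditor</role-name></security-role>
 *     <security-role><role-name>report-user</role-name></security-role>
 *     <method-permission>
 *       <role-name>report-auditor</role-name>
 *       <role-name>report-user</role-name>
 *       <method><ejb-name>ReportBean</ejb-name><method-name>readReport</method-name></method>
 *     </method-permission>
 *   </assembly-descriptor>
 */
public class ReportBean implements SessionBean {
    /** Application exception: reported to the caller, bean instance survives. */
    public static class AccessDenied extends Exception {
        AccessDenied(String msg) { super(msg); }
    }

    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
    public void ejbRemove() {}

    // The container has already enforced <method-permission> before this runs.
    // The bean adds an owner check using the only two calls the spec offers.
    public String readReport(String owner, String reportId) throws AccessDenied {
        Principal caller = ctx.getCallerPrincipal();     // query only
        boolean auditor = ctx.isCallerInRole("auditor"); // query only
        if (!auditor && !caller.getName().equals(owner)) {
            throw new AccessDenied(caller.getName() + " may not read " + reportId);
        }
        // Nothing on EJBContext creates a role or assigns one to `caller`;
        // the role names are whatever the descriptor declared at deployment.
        return "report " + reportId + " of " + owner;
    }
}
```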