11.4 Deployer s Responsibility

11.4 Deployer's Responsibility

Security deployment tasks, like all other application deployment tasks, are specific to the facilities provided by the EJB container and to the overall operational environment. Therefore, we can explain only at a high level how the deployer addresses the security requirements when deploying the benefits application at Star Enterprise.

11.4.1 Deploying Wombat's Enterprise Beans

The deployer assigns the user group all-employees, which represents all Star Enterprise employees, to the security role employee defined by the Wombat application. This ensures that all employees can use the application for benefits enrollment.

The deployer assigns the user group benefits-department to the benefits-admin security role defined by the Wombat application. This allows the members of Star Enterprise's benefits department to administer the benefits plans.

11.4.2 Deploying Star Enterprise's Beans

The PayrollEJB bean developed by Star Enterprise's IT department is deployed on the payroll application server. The security roles it declares are employee and payroll-dept. The deployer assigns the user group all-employees to the role employee and assigns the user group payroll-department, consisting of payroll administrators, to the payroll-dept security role.

While deploying the InsurancePlanAdmin Web service, the deployer creates user accounts for the insurance plan administrators who will use the Web service from a different enterprise. These users are added to the benefits-admin security role. At runtime, the users need to authenticate themselves to Star Enterprise's Web server hosting the Web service. The EJB container's authorization checks ensure that the users belong to the benefits-admin role before they are allowed to use the Web service.