EJB.15.3 Application Assembler's Responsibilities

The application assembler (which could be the same party as the bean provider) may define a security view of the enterprise beans contained in the EJB JAR file. Providing the security view in the deployment descriptor is optional for the bean provider and application assembler.

The main reason for the application assembler's providing the security view of the enterprise beans is to simplify the deployer's job. In the absence of a security view of an application, the deployer needs detailed knowledge of the application in order to deploy the application securely. For example, the deployer would have to know what each business method does to determine which users can call it. The security view defined by the application assembler presents a more consolidated view to the deployer, allowing the deployer to be less familiar with the application.

The security view consists of a set of security roles. A security role is a semantic grouping of permissions that a given type of user of an application must have in order to use the application successfully.

The application assembler defines method permissions for each security role. A method permission is a permission to invoke a specified group of methods of the enterprise beans' home and remote interfaces.

It is important to keep in mind that the security roles are used to define the logical security view of an application. They should not be confused with the user groups, users, principals, and other concepts that exist in the target enterprise's operational environment.

In special cases, a qualified deployer may change the definition of the security roles for an application, or completely ignore them and secure the application using a different mechanism that is specific to the operational environment.

If the bean provider has declared any security role references using the security-role-ref elements, the application assembler must link all the security role references listed in the security-role-ref elements to the security roles defined in the security-role elements. This is described in more detail in Section EJB.15.3.3.

EJB.15.3.1 Security Roles

The application assembler can define one or more security roles in the deployment descriptor. The application assembler then assigns groups of methods of the enterprise beans' home and remote interfaces to the security roles to define the security view of the application.

Because the application assembler does not, in general, know the security environment of the operational environment, the security roles are meant to be logical roles (or actors), each representing a type of user that should have the same access rights to the application.

The deployer then assigns user groups and/or user accounts defined in the operational environment to the security roles defined by the application assembler.

Defining the security roles in the deployment descriptor is optional [1] for the application assembler. Their omission in the deployment descriptor means that the application assembler chose not to pass any security deployment related instructions to the deployer in the deployment descriptor.

[1] If the application assembler does not define security roles in the deployment descriptor, the deployer will have to define security roles at deployment time.

The application assembler is responsible for the following:

  • Define each security role using a security-role element.

  • Use the role-name element to define the name of the security role.

  • Optionally, use the description element to provide a description of a security role.

The security roles defined by the security-role elements are scoped to the EJB JAR file level, and apply to all the enterprise beans in the EJB JAR file.

The following example illustrates a security role definition in a deployment descriptor.

   ...
   <assembly-descriptor>
      <security-role>
         <description>
            This role includes the employees of the
            enterprise who are allowed to access the
            employee self-service application. This role
            is allowed only to access his/her own
            information.
         </description>
         <role-name>employee</role-name>
      </security-role>
      <security-role>
         <description>
            This role includes the employees of the human
            resources department. The role is allowed to
            view and update all employee records.
         </description>
         <role-name>hr-department</role-name>
      </security-role>
      <security-role>
         <description>
            This role includes the employees of the payroll
            department. The role is allowed to view and
            update the payroll entry for any employee.
         </description>
         <role-name>payroll-department</role-name>
      </security-role>
      <security-role>
         <description>
            This role should be assigned to the personnel
            authorized to perform administrative functions
            for the employee self-service application.
            This role does not have direct access to
            sensitive employee and payroll information.
         </description>
         <role-name>admin</role-name>
      </security-role>
      ...
   </assembly-descriptor>

EJB.15.3.2 Method Permissions

If the application assembler has defined security roles for the enterprise beans in the EJB JAR file, he or she can also specify the methods of the remote and home interface that each security role is allowed to invoke.

Method permissions are defined in the deployment descriptor as a binary relation from the set of security roles to the set of methods of the home and remote interfaces of the enterprise beans, including all their superinterfaces (including the methods of the EJBHome and EJBObject interfaces). The method permissions relation includes the pair (R, M) if and only if the security role R is allowed to invoke the method M.

The application assembler defines the method permissions relation in the deployment descriptor using the method-permission elements as follows:

  • Each method-permission element includes a list of one or more security roles and a list of one or more methods. All the listed security roles are allowed to invoke all the listed methods. Each security role in the list is identified by the role-name element, and each method (or a set of methods, as described below) is identified by the method element. An optional description can be associated with a method-permission element using the description element.

  • The method permissions relation is defined as the union of all the method permissions defined in the individual method-permission elements.

  • A security role or a method may appear in multiple method-permission elements.

It is possible that some methods are not assigned to any security roles. This means that none of the security roles defined by the application assembler needs access to the methods.

The method element uses the ejb-name, method-name, and method-params elements to denote one or more methods of an enterprise bean's home and remote interfaces. There are three legal styles for composing the method element:

Style 1:
   <method>
      <ejb-name>EJBNAME</ejb-name>
      <method-name>*</method-name>
   </method>

This style is used for referring to all of the remote and home interface methods of a specified enterprise bean.

Style 2:
   <method>
      <ejb-name>EJBNAME</ejb-name>
      <method-name>METHOD</method-name>
   </method>

This style is used for referring to a specified method of the remote or home interface of the specified enterprise bean. If there are multiple methods with the same overloaded name, this style refers to all of the overloaded methods.

Style 3:
   <method>
      <ejb-name>EJBNAME</ejb-name>
      <method-name>METHOD</method-name>
      <method-params>
         <method-param>PARAMETER_1</method-param>
         ...
         <method-param>PARAMETER_N</method-param>
      </method-params>
   </method>

This style is used to refer to a specified method within a set of methods with an overloaded name. The method must be defined in the specified enterprise bean's remote or home interface.

The optional method-intf element can be used to differentiate methods with the same name and signature that are defined in both the remote and home interfaces.

The following example illustrates how security roles are assigned method permissions in the deployment descriptor:

   ...
   <method-permission>
      <role-name>employee</role-name>
      <method>
         <ejb-name>EmployeeService</ejb-name>
         <method-name>*</method-name>
      </method>
   </method-permission>
   <method-permission>
      <role-name>employee</role-name>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>findByPrimaryKey</method-name>
      </method>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>getEmployeeInfo</method-name>
      </method>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>updateEmployeeInfo</method-name>
      </method>
   </method-permission>
   <method-permission>
      <role-name>payroll-department</role-name>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>findByPrimaryKey</method-name>
      </method>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>getEmployeeInfo</method-name>
      </method>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>updateEmployeeInfo</method-name>
      </method>
      <method>
         <ejb-name>AardvarkPayroll</ejb-name>
         <method-name>updateSalary</method-name>
      </method>
   </method-permission>
   <method-permission>
      <role-name>admin</role-name>
      <method>
         <ejb-name>EmployeeServiceAdmin</ejb-name>
         <method-name>*</method-name>
      </method>
   </method-permission>
   ...
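The following added example (not part of the specification text) builds the method permissions relation as the union of all method-permission elements and answers whether a pair (R, M) is in it, covering the three method styles. The descriptor fragment is constructed, the int parameter on updateSalary and the function names are assumptions, and method-intf is not handled.

```python
import xml.etree.ElementTree as ET

# Constructed fragment reusing bean and role names from the example above.
DESCRIPTOR = """
<assembly-descriptor>
  <method-permission>
    <role-name>employee</role-name>
    <method><ejb-name>EmployeeService</ejb-name><method-name>*</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>employee</role-name>
    <role-name>payroll-department</role-name>
    <method><ejb-name>AardvarkPayroll</ejb-name><method-name>getEmployeeInfo</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>payroll-department</role-name>
    <method>
      <ejb-name>AardvarkPayroll</ejb-name>
      <method-name>updateSalary</method-name>
      <method-params><method-param>int</method-param></method-params>
    </method>
  </method-permission>
</assembly-descriptor>
"""

def load_relation(xml_text):
    """Union of all method-permission elements as (role, ejb, method, params) entries."""
    relation = set()
    for perm in ET.fromstring(xml_text).iter("method-permission"):
        roles = [r.text.strip() for r in perm.findall("role-name")]
        for m in perm.findall("method"):
            ejb = m.findtext("ejb-name").strip()
            name = m.findtext("method-name").strip()
            plist = m.find("method-params")
            # Style 3 carries a parameter list; styles 1 and 2 do not (None).
            params = None if plist is None else tuple(
                p.text.strip() for p in plist.findall("method-param"))
            relation.update((role, ejb, name, params) for role in roles)
    return relation

def is_allowed(relation, role, ejb, method, params=()):
    """True if (role, method) is in the relation via style 1, 2 or 3."""
    return any(r == role and e == ejb and
               (n == "*" or (n == method and (p is None or p == tuple(params))))
               for r, e, n, p in relation)
```

A method that no entry matches is simply absent from the relation, which is the case the text describes as a method not assigned to any security role.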

EJB.15.3.3 Linking Security Role References to Security Roles

If the application assembler defines the security-role elements in the deployment descriptor, he or she is also responsible for linking all the security role references declared in the security-role-ref elements to the security roles defined in the security-role elements.

The application assembler links each security role reference to a security role using the role-link element. The value of the role-link element must be the name of one of the security roles defined in a security-role element.

A role-link element must be used even if the value of role-name is the same as the value of the role-link reference.

The following deployment descriptor example shows how to link the security role reference named payroll to the security role named payroll-department.

   ...
   <enterprise-beans>
      ...
      <entity>
         <ejb-name>AardvarkPayroll</ejb-name>
         <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
         ...
         <security-role-ref>
            <description>
               This role should be assigned to the
               employees of the payroll department.
               Members of this role have access to
               anyone's payroll record.
               The role has been linked to the
               payroll-department role.
            </description>
            <role-name>payroll</role-name>
            <role-link>payroll-department</role-link>
         </security-role-ref>
         ...
      </entity>
      ...
   </enterprise-beans>
   ...
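A pre-deployment check for the linking rules above, as an added example that is not part of the specification text: it reports every security-role-ref that lacks a role-link or whose role-link does not name a defined security-role. The descriptor is constructed; the auditor, manager and management names and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed ejb-jar fragment: "payroll" is linked correctly, "auditor" has no
# role-link (although a role of that name exists), and "manager" links to a
# role that no security-role element defines.
EJB_JAR = """
<ejb-jar>
  <enterprise-beans>
    <entity>
      <ejb-name>AardvarkPayroll</ejb-name>
      <security-role-ref>
        <role-name>payroll</role-name>
        <role-link>payroll-department</role-link>
      </security-role-ref>
      <security-role-ref><role-name>auditor</role-name></security-role-ref>
      <security-role-ref>
        <role-name>manager</role-name>
        <role-link>management</role-link>
      </security-role-ref>
    </entity>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>payroll-department</role-name></security-role>
    <security-role><role-name>auditor</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>
"""

def check_role_links(xml_text):
    """Return (ejb-name, role-name, problem) for each reference that breaks the linking rules."""
    root = ET.fromstring(xml_text)
    # Roles defined at EJB JAR scope by security-role elements.
    defined = {sr.findtext("role-name", "").strip() for sr in root.iter("security-role")}
    findings = []
    for bean in root.find("enterprise-beans"):
        ejb = bean.findtext("ejb-name", "").strip()
        for ref in bean.findall("security-role-ref"):
            name = ref.findtext("role-name", "").strip()
            link = ref.findtext("role-link")
            if link is None:
                # Required even when role-name equals a defined role name.
                findings.append((ejb, name, "missing role-link"))
            elif link.strip() not in defined:
                findings.append((ejb, name, "role-link names undefined role"))
    return findings
```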


Java 2 Platform, Enterprise Edition. Platform and Component Specifications
ISBN: 0201704560
EAN: 2147483647
Year: 2000
Pages: 399