Sun Microsystems Inc.

15.3.3 Linking security role references to security roles

If the Application Assembler defines the security-role elements in the deployment descriptor, he or she is also responsible for linking all the security role references declared in the secu- rity-role-ref elements to the security roles defined in the security-role elements.

The Application Assembler links each security role reference to a security role using the role-link element. The value of the role-link element must be the name of one of the security roles defined in a security-role element.

A role-link element must be used even if the value of role-name is the same as the value of the role-link reference.

The following deployment descriptor example shows how to link the security role reference named payroll to the security role named payroll-department.

...

<enterprise-beans>

...

<entity> <ejb-name>AardvarkPayroll</ejb-name>

<ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>

...

<security-role-ref> <description>

This role should be assigned to the employees of the payroll department. Members of this role have access to anyone’s payroll record.

The role has been linked to the payroll-department role.

</description> <role-name>payroll</role-name> <role-link>payroll-department</role-link>

</security-role-ref>

...

</entity>

...

</enterprise-beans>

...

15.4 Deployer’s responsibilities

The Deployer is responsible for ensuring that an assembled application is secure after it has been deployed in the target operational environment. This section defines the Deployer’s responsibility with respect to EJB architecture security management.

Sun Microsystem Inc

The Deployer uses deployment tools provided by the EJB Container Provider to read the security view of the application supplied by the Application Assembler in the deployment descriptor. The Deployer’s job is to map the security view that was specified by the Application Assembler to the mechanisms and policies used by the security domain in the target operational environment. The output of the Deployer’s work includes an application security policy descriptor that is specific to the operational environment. The format of this descriptor and the information stored in the descriptor are specific to the EJB Container.

The following subsections describe the security related tasks performed by the Deployer.

15.4.1 Security domain and principal realm assignment

The Deployer is responsible for assigning the security domain and principal realm to an enterprise bean application.

Multiple principal realms within the same security domain may exist, for example, to separate the realms of employees, trading partners, and customers. Multiple security domains may exist, for example, in application hosting scenarios.

15.4.2 Assignment of security roles

The Deployer assigns principals and/or groups of principals (such as individual users or user groups) used for managing security in the operational environment to the security roles defined in the secu- rity-role elements of the deployment descriptor.

Typically, the Deployer does not need to change the method permissions assigned to each security role in the deployment descriptor.

The Application Assembler linked all the security role references used in the bean’s code to the security roles defined in the security-role elements. The Deployer does not assign principals and/or principal groups to the security role references—the principals and/or principals groups assigned to a security role apply also to all the linked security role references. For example, the Deployer of the AardvarkPayroll enterprise bean in subsection 15.3.3 would assign principals and/or principal groups to the security-role payroll-department, and the assigned principals and/or principal groups would be implicitly assigned also to the linked security role payroll.

The EJB architecture does not specify how an enterprise should implement its security architecture. Therefore, the process of assigning the logical security roles defined in the application’s deployment descriptor to the operational environment’s security concepts is specific to that operational environment. Typically, the deployment process consists of assigning to each security role one or more user groups (or individual users) defined in the operational environment. This assignment is done on a per-application basis. (That is, if multiple independent ejb-jar files use the same security role name, each may be assigned differently.)

15.4.3 Principal delegation

The Deployer is responsible for configuring the principal delegation for inter-component calls. The Deployer must follow any instructions supplied by the Application Assembler (for example, provided in the description elements of the deployment descriptor, or in a deployment manual).