Sun Microsystem Inc
Container Provider’s responsibility |
Enterprise JavaBeans v1.1, Final Release |
Runtime environment |
18.2 Container Provider’s responsibility
This section defines the Container’s responsibilities for providing the runtime environment to the enterprise bean instances. The requirements described here are considered to be the minimal requirements; a Container may choose to provide additional functionality that is not required by the EJB specification.
18.2.1 Java 2 Platform-based Container
A Java 2 platform-based EJB Container must make the following APIs available to the enterprise bean instances at runtime:
• Java 2 APIs
• EJB 1.1 APIs
• JNDI 1.2
• JTA 1.0.1, the UserTransaction interface only
• JDBC™ 2.0 extension
• JavaMail 1.1, sending mail only
|
The following subsections describes the requirements in more detail. |
|||
18.2.1.1 |
Java 2 APIs requirements |
|
||
|
The Container must provide the full set of Java 2 platform APIs. The Container is not allowed to subset |
|||
|
the Java 2 platform APIs. |
|
||
|
The EJB Container is allowed to make certain Java 2 platform functionality unavailable to the enterprise |
|||
|
bean instances by using the Java 2 platform security policy mechanism. The primary reason for the Con- |
|||
|
tainer to make certain functions unavailable to enterprise bean instances is to protect the security and |
|||
|
integrity of the EJB Container environment, and to prevent the enterprise bean instances from interfer- |
|||
|
ing with the Container’s functions. |
|
||
|
The following table defines the Java 2 platform security permissions that the EJB Container must be |
|||
|
able to grant to the enterprise bean instances at runtime. The term “grant” means that the Container |
|||
|
must be able to grant the permission, the term “deny” means that the Container should deny the permis- |
|||
|
sion. |
|
||
|
|
|
|
|
Table 10 |
Java 2 Platform Security policy for a standard EJB Container |
|||
|
|
|
|
|
|
|
|
Permission name |
EJB Container policy |
|
|
|
|
|
|
|
|
|
|
|
|
|
java.security.AllPermission |
deny |
|
|
|
|
|
275 |
11/24/99 |
Sun Microsystems Inc.
Runtime environment |
Enterprise JavaBeans v1.1, Final Release |
Container Provider’s responsibility |
Table 10 |
Java 2 Platform Security policy for a standard EJB Container |
||
|
|
|
|
|
|
Permission name |
EJB Container policy |
|
|
|
|
|
|
|
|
|
|
java.awt.AWTPermission |
deny |
|
|
|
|
|
|
java.io.FilePermission |
deny |
|
|
|
|
|
|
java.net.NetPermission |
deny |
|
|
|
|
|
|
java.util.PropertyPermission |
grant “read”, “*” |
|
|
|
deny all other |
|
|
|
|
|
|
java.lang.reflect.ReflectPermission |
deny |
|
|
|
|
|
|
java.lang.RuntimePermission |
grant “queuePrintJob”, |
|
|
|
deny all other |
|
|
|
|
|
|
java.lang.SecurityPermission |
deny |
|
|
|
|
|
|
java.io.SerializablePermission |
deny |
|
|
|
|
|
|
java.net.SocketPermission |
grant “ connect”, “*” [Note A], |
|
|
|
deny all other |
|
|
|
|
|
Notes: |
|
|
[A]This permission is necessary, for example, to allow enterprise beans to use the client functionality of the Java IDL API and RMI-IIOP packages that are part of Java 2 platform.
Some Containers may allow the Deployer to grant more, or fewer, permissions to the enterprise bean instances than specified in Table 10. Support for this is not required by the EJB specification. Enterprise beans that rely on more or fewer permissions will not be portable across all EJB Containers.
18.2.1.2 EJB 1.1 requirements
The container must implement the EJB 1.1 interfaces as defined in this documentation.
18.2.1.3 JNDI 1.2 requirements
At the minimum, the EJB Container must provide a JNDI API name space to the enterprise bean instances. The EJB Container must make the name space available to an instance when the instance invokes the javax.naming.InitialContext default (no-arg) constructor.
The EJB Container must make available at least the following objects in the name space:
•The home interfaces of other enterprise beans.
•The resource factories used by the enterprise beans.
The EJB specification does not require that all the enterprise beans deployed in a Container be presented with the same JNDI API name space. However, all the instances of the same enterprise bean must be presented with the same JNDI API name space.
11/24/99 |
276 |