1 Reply Latest reply on Aug 25, 2004 4:19 PM by Scott Stark

    Why does JAAS require that functions be coupled to roles in

    Lea Thurman Newbie

      Hi all,

      Why does J2EE/JAAS require that I need to add role information to my desployment descriptor i.e the EJB method "addAccount" requires role "AccountsClerk"

      When I have done this before (not J2EE or JAAS) I have always had a user/role and role/function relationship held in the database.

      When a function is requested the application just asks an "authority" if the user has access to this function. It was not important that the function was obtained by vriture of a particular role. The Role was just a convenient way of packaging functions. It was not evaulated when a method was invoked.

      If I need to specify this at deploy time then how do I then add additonal functions to a particular role? Is it a another deployment. e.g the "deleteAccount" function can now be performed by an "AccountsClerk" and "AccountManager". However I am assuming at deploy time I would have specified that the "deleteAccount" method requires role "AccountManager".

      In the business world just because the "AccountsClerk" can now delete an account does not make then an "AccountManager" so it does not make sence to upgrade the "AccountsClerk" to "AccountManager".

      I am convinced I have misunderstood some central concept in JAAS e.g the concept of a role .. is it really a function?

      Any help would be much appreciated.

      Regards
      Lea.