tailieunhanh - Java 2 Bible Enterprise Edition, part 7
So where do they go? The answer depends on the EJB server software you are running. For example, the reference implementation places them in the directory $ . You will need to look up the documentation for your environment for more details.

Chapter 17 Using Advanced EJB Techniques

Tip: You can't control bean-security issues through the policy files used by J2SE. These policy files only control functions of a particular API, such as file I/O or threading, and they won't work because they must be available across all clients and servers. In addition, the environment (for example, Java code embedded in an Oracle database as a trigger) may not support them.

The assignment of a set of access restrictions is known as a role in EJB terminology. A role acts as a grouping mechanism. You don't use it to predefine access capabilities or users who wish to attempt certain tasks; rather, it acts as a means of collecting like-minded methods together after you have written them.

A particular user of the system is known as a security principal. When your servlet code needs to access an EJB, it has an identity, which is the principal's name. The name represents the user attempting to perform the task. The role information forms the other half of the request.

At some point during the deployment, the person responsible for deploying beans will pull up the administration tool and provide a mapping of principal names to roles. Consider it a many-to-many mapping, where a single principal may be allocated a number of roles, but a role may be assigned to many principal names. How the roles and principals are arranged depends on your application requirements.

Determining who is calling

As we alluded to earlier, some programmatic ways of accessing security information exist. The two methods provided enable you to determine the identity of the principal calling you and to check the role of the caller.
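A simplified model of the mapping just described, added here as an illustration (not code from the book or from any EJB container): a hypothetical ToyContainer holds the deployer's principal-to-role mapping and the role-to-method grouping, checks them before the method body runs, and the body only reads the caller's name. All principal, role and method names are constructed, and Java 9 or later is assumed for Set.of().

```java
import java.security.Principal;
import java.util.*;

// Added illustration: a toy model of the checks an EJB container performs.
// ToyContainer and every principal, role and method name are hypothetical.
public class RoleMappingDemo {
    static class ToyContainer {
        // Deployer's mapping: principal name -> roles (many-to-many).
        private final Map<String, Set<String>> rolesByPrincipal = new HashMap<>();
        // Roles collect methods: method name -> roles allowed to call it.
        private final Map<String, Set<String>> rolesByMethod = new HashMap<>();

        void mapPrincipal(String principal, String... roles) {
            rolesByPrincipal.computeIfAbsent(principal, k -> new HashSet<>())
                            .addAll(Arrays.asList(roles));
        }
        void permit(String method, String... roles) {
            rolesByMethod.computeIfAbsent(method, k -> new HashSet<>())
                         .addAll(Arrays.asList(roles));
        }

        // Runs the "bean method" only if the caller holds a permitted role.
        String invoke(Principal caller, String method) {
            Set<String> held = rolesByPrincipal.getOrDefault(caller.getName(), Set.of());
            Set<String> allowed = rolesByMethod.getOrDefault(method, Set.of());
            if (Collections.disjoint(held, allowed)) { // no shared role: deny
                throw new SecurityException(caller.getName() + " may not call " + method);
            }
            // Bean body: the identity is only read, here for an audit record.
            return "audit: " + method + " called by " + caller.getName();
        }
    }

    public static void main(String[] args) {
        ToyContainer c = new ToyContainer();
        c.mapPrincipal("alice", "teller", "auditor"); // one principal, two roles
        c.mapPrincipal("bob", "teller");              // one role, two principals
        c.permit("deposit", "teller");
        c.permit("viewLedger", "auditor");

        Principal alice = () -> "alice", bob = () -> "bob";
        System.out.println(c.invoke(alice, "viewLedger"));
        System.out.println(c.invoke(bob, "deposit"));
        try {
            c.invoke(bob, "viewLedger");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```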
Caution: The J2EE specification explicitly warns against using these methods as means of controlling secure access to your code. They should be treated as purely informational because, if your method has been called, the assumption is that the EJB container has already performed all the necessary checks.

Finding out the identity of the principal