Peter Williams wrote:
>
> Where does the spec say or suggest that @RolesAllowed in a module can
> map to a security role definition at the EAR level. Are there other
> module level annotations that imply values for the EAR's standard
> descriptor file?
I don't think the spec explicitly say which annotation mapped to which
xml element of deployment descriptor.
One has to look at definition of annotation and definition of xml schema
in this case.
>
> What affect is this supposed to have on XPaths in the standard
> descriptor as defined in JSR-88? If what you say is true, then the
> expected model of DDBeans-DConfigBeans is no longer valid for EAR's,
> yet there is no mention of this in the maintenance release for JSR-88.
>
>>> not a bug, can someone point me to where in the spec it says EAR's
>>> do this, because apparently I can't find it.
>>>
>>>
>>> (b) Does the server infer any other implicit descriptor values
>>> from this annotation?
>>
> So it would appear the answer to this question is yes. What other
> descriptor entries are implied? Does this affect annotations in web
> modules as well as EJB modules? Are these mappings defined or
> discussed (even implicitly) anywhere? JSR-250 is very light on detail.
@RolesAllowed is only for EJB, not for servlet.