Hi Bill,
Thanks for the clarification. It helps to keep the portable (standard
descriptor/annotation) and non-portable (appserver settings/extensions)
configurations separate in my head.
-Peter
Bill Shannon wrote:
> Peter Williams wrote:
>
>> Where does the spec say or suggest that @RolesAllowed in a module can
>> map to a security role definition at the EAR level?
>
>
> Admittedly this isn't specified clearly in a single place.
>
> JSR-250 should define that @RolesAllowed defines a security role, in the
> same way that a deployment descriptor entry does.
>
> The Java EE platform spec says that roles defined at the EAR level serve
> two purposes:
>
> - They are a convenient way to define roles that apply to multiple
> modules of the application.
> - They provide a way to override the description of a role defined
> by a module.
>
> The namespace of roles has always been application-wide, even though
> they might be defined by a particular module. The Java EE platform
> spec's deployment chapter talks about resolving conflicts between
> role names when assembling modules into an EE application.
>