The Deployer’s job: mapping actual humans to abstract roles

The App Assembler knows the application, but the Deployer knows the operational environment. We (and the spec) use the term "operational environment" as a fancy way of saying "the business where the application is running." Maybe the company bought the app off-the-shelf. Maybe they built it in-house. Doesn’t matter. The Deployer works there. He knows the place. Most importantly, he knows how security is managed at the company (for example, the company might have all the employee names and passwords as part of an LDAP system). He’s the best person to know how the abstract roles the App Assembler put in should map to real people and groups in his company.

He has two main jobs:

  1. Assigning the security domain and principal realm to the app

    • The company where the app is running has real employees. Somehow, those employees have a way of authenticating themselves to a server, probably with a name and a password. The security information in the operational environment has to be configured into the server, in such a way that the server can tell who is actually calling the method.

    This happens outside of the EJB specification! In other words, it’s vendor-specific.

  2. Mapping users and/or groups to the abstract security roles

    • The App Assembler made up the abstract security roles that best fit the payroll app. But those roles don’t mean anything in ...
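
As an added illustration (not from the book), here is what the second job can look like in one vendor's deployment descriptor. It assumes GlassFish's glassfish-ejb-jar.xml as the vendor format; the role, group and user names are constructed for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployer's side: glassfish-ejb-jar.xml (vendor-specific, outside the EJB spec).
  Constructed example: every role, group and user name below is made up.

  App Assembler's side, already declared in the portable ejb-jar.xml:
    <security-role><role-name>payroll-admin</role-name></security-role>
    <security-role><role-name>employee</role-name></security-role>

  The realm that authenticates callers (for instance the company's LDAP
  directory) is configured in the server itself and is not shown here.
-->
<glassfish-ejb-jar>

  <!-- Abstract role mapped to a directory group. Mapping to a group keeps
       joiners and leavers a directory change, not an application redeploy. -->
  <security-role-mapping>
    <role-name>payroll-admin</role-name>
    <group-name>hr-payroll-staff</group-name>
  </security-role-mapping>

  <!-- A role can take several groups and individual principals. Each
       individual entry is an exception someone has to remember to remove. -->
  <security-role-mapping>
    <role-name>employee</role-name>
    <group-name>all-staff</group-name>
    <principal-name>contractor.jdoe</principal-name>
  </security-role-mapping>

  <enterprise-beans>
    <!-- per-bean deployment settings omitted -->
  </enterprise-beans>
</glassfish-ejb-jar>
```

A role that the App Assembler declared but that has no mapping here ends up with no callers in it, so comparing the role names in both files is a quick review step before deployment.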
