Vendor-Specific EJB Access Controls
Although the roles specified by an assembler in the <security-role> elements of an ejb-jar.xml file define logical roles assumed by an EJB application, the container and EJB deployers must map these roles to actual user groups or users in the operational system. Additionally, the container and EJB deployers must manage how these roles relate to particular security domains from the operational system. Vendor-specific mappings from logical security role to operational environment groups or users may be performed automatically without requiring the development of vendor-specific code. As an example of a vendor-specific mapping tool, the BEA WebLogic Server comes equipped with a GUI tool referred to as the DeployerTool. The DeployerTool can be used to map standard J2EE EJB-defined role names to principal names that have meaning in an operational BEA WebLogic Server environment.