user manual
314 BES Developer’s Guide
The ra-borland.xml deployment descriptor DTD
This element allows for the specification of a defined set of
user roles and the corresponding run-as roles (representing
EIS identities) that should be used when allocating
Managed Connections and Connection Handles.
A default Resource run-as role can be defined for the Connection
Factory via the map. By specifying a user-role value of '*'
and a corresponding run-as role, the defined run-as will be utilized
whenever the current role is NOT matched elsewhere in
the map.
This is an optional element, however, it must be specified in some
form if Container Managed Sign-on is supported by the Resource Adapter
and used by ANY client.
In addition, the deployment-time population of the Connection Pool
with Managed Connections will be attempted using the defined
'default' run-as if one is specified.
-->
<!ELEMENT security-map (description?, user-role+, (use-caller-identity|run-
as))>
<!--
The user-role element contains one or more role names, defined for
use as the security identity, or mapped to a appropriate Resource
Role run-as identity, for interactions with the resource.
-->
<!ELEMENT user-role (#PCDATA)>
<!--
The use-caller-identity element specifies that the caller's security
identity be used as the security identity for the execution of the
Resource Adapter's methods.
Used in: security-map
-->
<!ELEMENT use-caller-identity EMPTY>
<!--
The run-as element specifies the run-as identity to be used for the
execution of the enterprise bebean. Itontains an optional description, and
the name of a security role.
Used in: security-map
-->
<!ELEMENT run-as (description?, role-name)>
<!--
The role-name element contains the name of a security role.
The name must conform to the lexical rules for an NMTOKEN.
Used in: run-as