user manual
418 BES Developer’s Guide
DTD
<!--
The security-map element specifies whether the caller's security identity
is to be used for the execution of the methods of the enterprise bean
or whether a specific run-as identity is to be used. It contains an
optional description and a specification of the security identity to
be used.
Each security-map element provides a mechanism to define appropriate
Resource Role values for Resource Adapter/EIS authorization processing,
through the use of the run-as element.
This element allows for the specification of a defined set of
user roles and the corresponding run-as roles (representing
EIS identities) that should be used when allocating
Managed Connections and Connection Handles.
A default Resource run-as role can be defined for the Connection
Factory via the map. By specifying a user-role value of '*'
and a corresponding run-as role, the defined run-as will be utilized
whenever the current role is NOT matched elsewhere in
the map.
This is an optional element, however, it must be specified in some
form if Container Managed Sign-on is supported by the Resource Adapter
and used by ANY client.
In addition, the deployment-time population of the Connection Pool
with Managed Connections will be attempted using the defined
'default' run-as if one is specified.
-->
<!ELEMENT security-map (description?, user-role+, (use-caller-identity|run-
as))>
<!--
The user-role element contains one or more role names, defined for
use as the security identity, or mapped to a appropriate Resource
Role run-as identity, for interactions with the resource.
-->
<!ELEMENT user-role (#PCDATA)>
<!--
The use-caller-identity element specifies that the caller's security
identity be used as the security identity for the execution of the
Resource Adapter's methods.
Used in: security-map
-->
<!ELEMENT use-caller-identity EMPTY>
<!--
The run-as element specifies the run-as identity to be used for the
execution of the enterprise bean.It contains an optional description, and