
Using Programmatic Security


class file using annotations. When the application is deployed, this information is used by the
Application Server. Not all security information can be specified using annotations, however.
Some information must be specified in the application deployment descriptors.

Annotations let you avoid writing boilerplate code under many circumstances by enabling tools
to generate it from annotations in the source code. This leads to a declarative programming
style, where the programmer says what should be done and tools emit the code to do it. It also
eliminates the need for maintaining side files that must be kept up to date with changes in
source files. Instead the information can be maintained in the source file.

In this tutorial, specific annotations that can be used to specify security information within a
class file are described in the following sections:

- "Declaring Security Requirements Using Annotations" on page 849
- "Using Enterprise Bean Security Annotations" on page 815

The following are sources for more information on annotations:

- JSR 175: A Metadata Facility for the Java Programming Language
- JSR 181: Web Services Metadata for the Java Platform
- JSR 250: Common Annotations for the Java Platform
- The Java SE discussion of annotations

Links to this information are provided in "Further Information about Security" on page 795.

Using Programmatic Security

Programmatic security is embedded in an application and is used to make security decisions.
Programmatic security is useful when declarative security alone is not sufficient to express the
security model of an application. The API for programmatic security consists of two methods of
the EJBContext interface and two methods of the servlet HttpServletRequest interface. These
methods allow components to make business logic decisions based on the security role of the
caller or remote user.
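
The kind of decision described above, as an added example (not code from the tutorial): a session bean that pairs a declarative @RolesAllowed check with the EJBContext methods isCallerInRole and getCallerPrincipal to enforce rules that depend on the call's data. The bean name, the role names and the 500.00 limit are assumptions made for the illustration.

```java
import java.math.BigDecimal;
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean: the class name, role names and limit are assumptions.
// EJB 3.0 containers also require a business interface (omitted here);
// EJB 3.1 and later accept this no-interface form.
@Stateless
@DeclareRoles({"employee", "manager"}) // roles tested with isCallerInRole must be declared
public class ExpenseApprovalBean {

    private static final BigDecimal EMPLOYEE_LIMIT = new BigDecimal("500.00");

    @Resource
    private SessionContext ctx; // SessionContext extends EJBContext

    // Declarative part: the container rejects callers that hold neither role
    // before the method body runs.
    @RolesAllowed({"employee", "manager"})
    public String approve(String submittedBy, BigDecimal amount) {
        if (submittedBy == null || amount == null || amount.signum() <= 0) {
            throw new IllegalArgumentException("submitter and a positive amount are required");
        }

        // Identity comes from the container's security context, never from a parameter.
        Principal caller = ctx.getCallerPrincipal();
        String callerName = caller.getName();

        // Programmatic rule 1: depends on the data, so an annotation cannot express it.
        if (callerName.equals(submittedBy)) {
            throw new EJBAccessException("self-approval is not permitted");
        }

        // Programmatic rule 2: the role decides which amounts the caller may approve.
        if (amount.compareTo(EMPLOYEE_LIMIT) > 0 && !ctx.isCallerInRole("manager")) {
            throw new EJBAccessException("amount exceeds the caller's approval limit");
        }

        return callerName; // the approver name to record with the expense
    }
}
```
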
Programmatic security is discussed in more detail in the following sections:

- "Accessing an Enterprise Bean Caller's Security Context" on page 799
- "Working with Security Roles" on page 841

Securing Containers
The Java EE 5 Tutorial · September 2007
776