
Declaring Security Role Names


import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@DeclareRoles("payroll")
@Stateless public class PayrollBean implements Payroll {
    @Resource SessionContext ctx;

    public void updateEmployeeInfo(EmplInfo info) {
        oldInfo = ... read from database;

        // The salary field can be changed only by callers
        // who have the security role "payroll"
        if (info.salary != oldInfo.salary &&
                !ctx.isCallerInRole("payroll")) {
            throw new SecurityException(...);
        }
        ...
    }
    ...
}
An example application that uses the getCallerPrincipal and isCallerInRole methods is described in "Example: Using the isCallerInRole and getCallerPrincipal Methods" on page 826.
Declaring Security Role Names Referenced from Enterprise Bean Code
You can declare security role names used in enterprise bean code using either the @DeclareRoles annotation (preferred) or the security-role-ref elements of the deployment descriptor. Declaring security role names in this way enables you to link these security role names used in the code to the security roles defined for an assembled application. In the absence of this linking step, any security role name used in the code will be assumed to correspond to a security role of the same name in the assembled application.
A security role reference, including the name defined by the reference, is scoped to the
component whose bean class contains the @DeclareRoles annotation or whose deployment
descriptor element contains the security-role-ref deployment descriptor element.
You can also use security-role-ref elements for references that were declared in annotations and that you want linked to a security-role whose name differs from the reference value. If a security role reference is not linked to a security role in this way, the container must map the reference name to the security role of the same name. See "Linking Security Role References to Security Roles" on page 805 for a description of how security role references are linked to security roles.
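The following ejb-jar.xml fragment is an added example, not part of the original tutorial text: it links the "payroll" reference used in PayrollBean to an application role with a different name, so the mapping is explicit instead of relying on the same-name default. The role name payroll-department is an assumption made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <enterprise-beans>
    <session>
      <!-- Default EJB name of the @Stateless PayrollBean class -->
      <ejb-name>PayrollBean</ejb-name>

      <!-- This reference is scoped to PayrollBean only. Another bean
           that calls isCallerInRole("payroll") needs its own
           security-role-ref, or it falls back to same-name mapping. -->
      <security-role-ref>
        <!-- Name passed to isCallerInRole and listed in @DeclareRoles -->
        <role-name>payroll</role-name>
        <!-- Application role the reference resolves to
             (hypothetical name, chosen for this example) -->
        <role-link>payroll-department</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- The role-link target must be a role defined for the
         assembled application -->
    <security-role>
      <role-name>payroll-department</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
```

With this descriptor the bean code stays unchanged: ctx.isCallerInRole("payroll") is evaluated against the payroll-department role.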
Securing Enterprise Beans
Chapter 29 · Securing Java EE Applications
801