Deployment Descriptor Elements

Declaring Security Roles Using Deployment Descriptor Elements
Note - Any values explicitly specified in the deployment descriptor override any values specified
in annotations. If a value for a method has not been specified in the deployment descriptor, and
a value has been specified for that method by means of annotations, the value
specified in annotations will apply. The granularity of overriding is on a per-method basis.

If the @DeclareRoles annotation is not used, you can use the security-role-ref elements of
the deployment descriptor to declare the security roles referenced in the code, as follows:

- Declare the name of the security role using the role-name element in the deployment
  descriptor. The name must be the security role name that is used as a parameter to the
  isCallerInRole(String roleName) method.
- Optionally provide a description of the security role in the description element.

The following example illustrates how an enterprise bean's references to security roles are
declared in the deployment descriptor. In this example, the deployment descriptor indicates
that the enterprise bean AardvarkPayroll makes the security check using
isCallerInRole("payroll") in its business method. The security role reference is scoped to
the session or entity bean whose declaration contains the security-role-ref element.

...
<enterprise-beans>
    ...
    <session>
        <ejb-name>AardvarkPayroll</ejb-name>
        <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
        ...
        <security-role-ref>
            <description>
                This security role should be assigned to the
                employees of the payroll department who are
                allowed to update employees' salaries.
            </description>
            <role-name>payroll</role-name>
        </security-role-ref>
        ...
    </session>
    ...
</enterprise-beans>
...
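
The rule above, that each role-name must match an isCallerInRole argument and is scoped to a single bean, can be checked mechanically. The following audit script is an added example, not part of the original tutorial; its function names, the constructed descriptor and bean source, and the "auditor" role are hypothetical, and it assumes @DeclareRoles is not used.

```python
import re
import xml.etree.ElementTree as ET

# Constructed descriptor modelled on the AardvarkPayroll example on this page.
EJB_JAR = """<ejb-jar><enterprise-beans><session>
  <ejb-name>AardvarkPayroll</ejb-name>
  <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
  <security-role-ref><role-name>payroll</role-name></security-role-ref>
</session></enterprise-beans></ejb-jar>"""

# Constructed bean source keyed by class; "auditor" is deliberately undeclared.
SOURCES = {
    "com.aardvark.payroll.PayrollBean": """
        if (!ctx.isCallerInRole("payroll")) throw new SecurityException();
        boolean readOnly = ctx.isCallerInRole("auditor");
    """,
}

# Only string-literal arguments are matched; roles passed via constants are missed.
CALL = re.compile(r'isCallerInRole\(\s*"([^"]+)"\s*\)')


def local(tag):
    """Drop any XML namespace prefix so descriptors with xmlns also work."""
    return tag.rsplit("}", 1)[-1]


def declared_role_refs(descriptor_xml):
    """Map each bean's ejb-class to the role-names in its security-role-ref elements."""
    refs = {}
    for bean in ET.fromstring(descriptor_xml).iter():
        if local(bean.tag) not in ("session", "entity"):
            continue
        cls, roles = None, set()
        for child in bean:
            if local(child.tag) == "ejb-class":
                cls = (child.text or "").strip()
            elif local(child.tag) == "security-role-ref":
                roles |= {(e.text or "").strip() for e in child
                          if local(e.tag) == "role-name"}
        refs[cls] = roles
    return refs


def undeclared_roles(descriptor_xml, sources):
    """Return {class: roles used in isCallerInRole() but not declared for that bean}."""
    refs = declared_role_refs(descriptor_xml)
    gaps = {cls: set(CALL.findall(src)) - refs.get(cls, set())
            for cls, src in sources.items()}
    return {cls: gap for cls, gap in gaps.items() if gap}
```

Because references are looked up per ejb-class, a role declared for one bean does not satisfy a check made in another bean.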
Securing Enterprise Beans
Chapter 29 · Securing Java EE Applications