Defining a Security View
Defining a Security View
information along to the deployer. When a security view is passed on to the deployer, the
deployer uses this information to define method permissions for security roles. If you don't
define a security view, the deployer will have to determine what each business method does to
determine which users are authorized to call each method.
type of users of an application must have to successfully access the application. Security roles
are meant to be logical roles, representing a type of user. You can define method permissions for
each security role. A method permission is a permission to invoke a specified group of methods
of the enterprise beans' business interface, home interface, component interface, and/or web
service endpoints. You can specify an authentication mechanism that will be used to verify the
identity of a user.
an application. They should not be confused with the user groups, users, principals, and other
concepts that exist in the Application Server.
method permissions that define a security view:
language annotations. The set of security roles used by the application is the total of the security
roles defined by the security role names used in the @DeclareRoles and @RolesAllowed
annotations.
security-role