
Specifying an Authentication Mechanism


You use the role-link element to link each security role reference to a security role. The value of the role-link element must be the name of one of the security roles defined in a security-role element, or by the @DeclareRoles or @RolesAllowed annotations (as discussed in "Defining Security Roles" on page 804). You do not need to use the role-link element to link security role references to security roles when the role-name used in the code is the same as the name of the security-role to which you would be linking.

The following example illustrates how to link the security role reference name payroll to the security role named payroll-department:
...
<enterprise-beans>
    ...
    <session>
        <ejb-name>AardvarkPayroll</ejb-name>
        <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
        ...
        <security-role-ref>
            <description>
                This role should be assigned to the
                employees of the payroll department.
                Members of this role have access to
                anyone's payroll record.
                The role has been linked to the
                payroll-department role.
            </description>
            <role-name>payroll</role-name>
            <role-link>payroll-department</role-link>
        </security-role-ref>
        ...
    </session>
    ...
</enterprise-beans>
...
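
An added example, not part of the tutorial: a Python check for the linking rule above, flagging any role-link that names no defined security role and any reference without a role-link whose role-name is not itself a defined role. The second bean, its role names, the function name and the `annotated_roles` parameter (roles declared only through @DeclareRoles or @RolesAllowed, which the descriptor cannot show) are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: first bean mirrors the page's example; the second bean
# and its role names are hypothetical, added to show both failure cases.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AardvarkPayroll</ejb-name>
      <security-role-ref>
        <role-name>payroll</role-name>
        <role-link>payroll-department</role-link>
      </security-role-ref>
    </session>
    <session>
      <ejb-name>AardvarkAudit</ejb-name>
      <security-role-ref>
        <role-name>auditor</role-name>
        <role-link>audit-dept</role-link>
      </security-role-ref>
      <security-role-ref><role-name>clerk</role-name></security-role-ref>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>payroll-department</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def find_unresolved_role_refs(xml_text, annotated_roles=()):
    """Return (ejb-name, role-name, expected security role) per dangling reference."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace prefix
    # Roles from <security-role> elements plus roles declared only by annotations.
    defined = {r.findtext("role-name", "").strip() for r in root.iter("security-role")}
    defined |= set(annotated_roles)
    problems = []
    for bean in root.iterfind("enterprise-beans/*"):
        ejb = bean.findtext("ejb-name", "?").strip()
        for ref in bean.iter("security-role-ref"):
            name = ref.findtext("role-name", "").strip()
            link = ref.findtext("role-link")
            # Without a role-link, the role-name itself must be a defined role.
            target = link.strip() if link is not None else name
            if target not in defined:
                problems.append((ejb, name, target))
    return problems

if __name__ == "__main__":
    for ejb, name, target in find_unresolved_role_refs(SAMPLE):
        print(f"{ejb}: role reference '{name}' -> undefined security role '{target}'")
```
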
Specifying an Authentication Mechanism
Authentication mechanisms are specified in the runtime deployment descriptor. When annotations, such as the @RolesAllowed annotation, are used to protect methods in the enterprise bean, you can configure the Interoperable Object Reference (IOR) to enable authentication for an enterprise application. This is accomplished by adding the <login-config> element to the runtime deployment descriptor, sun-ejb-jar.xml.

You can use the USERNAME-PASSWORD authentication method for an enterprise bean. You can use either the BASIC or CLIENT-CERT authentication methods for web service endpoints.

For more information on specifying an authentication mechanism, read "Configuring IOR Security" on page 817 or "Example: Securing an Enterprise Bean" on page 820.
Securing Enterprise Beans
The Java EE 5 Tutorial · September 2007