
Specifying Method Permissions

If you have defined security roles for the enterprise beans in the ejb-jar file, you can also
specify the methods of the business interface, home interface, component interface, and/or web
service endpoints that each security role is allowed to invoke.
You can use annotations and/or the deployment descriptor for this purpose. Refer to the
following sections for more information on specifying method permissions:
"Specifying Method Permissions Using Annotations" on page 807
"Specifying Method Permissions Using Deployment Descriptors" on page 808
Specifying Method Permissions Using Annotations
The method permissions for the methods of a bean class can be specified on the class, the
business methods of the class, or both. Method permissions can be specified on a method of the
bean class to override the method permissions value specified on the entire bean class. The
following annotations are used to specify method permissions:
@RolesAllowed("list-of-roles")
The value of the @RolesAllowed annotation is a list of security role names to be mapped to
the security roles that are permitted to execute the specified method or methods. Specifying
this annotation on the bean class means that it applies to all applicable business methods of
the class.
@PermitAll
The @PermitAll annotation specifies that all security roles are permitted to execute the
specified method or methods. Specifying this annotation on the bean class means that it
applies to all applicable business methods of the class.
@DenyAll
The @DenyAll annotation specifies that no security roles are permitted to execute the
specified method or methods.
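The precedence described above (a method-level annotation overrides the class-level value) can be checked with reflection. The following is an added example, not code from the original tutorial: PermissionAudit, PayrollBean and its methods are hypothetical names, the sample bean is constructed for illustration, and the javax.annotation.security annotations are assumed to be on the classpath through the Java EE API.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;

// Added example: reports which permission annotation governs each public method.
public class PermissionAudit {

    // Constructed sample bean (hypothetical names) used as audit input.
    @RolesAllowed({"admin", "auditor"})
    public static class PayrollBean {
        public void listSalaries() { }                    // uses the class-level roles
        @RolesAllowed("HR") public void raiseSalary() { } // method-level override
        @PermitAll public void ping() { }
        @DenyAll public void purgeAll() { }
    }

    // In this example a method-level annotation wins; otherwise the annotation
    // on the class that declares the method is reported.
    static String effective(Method m) {
        String onMethod = describe(m.getAnnotation(RolesAllowed.class),
                m.isAnnotationPresent(PermitAll.class),
                m.isAnnotationPresent(DenyAll.class));
        if (onMethod != null) return onMethod + " (method)";
        Class<?> c = m.getDeclaringClass();
        String onClass = describe(c.getAnnotation(RolesAllowed.class),
                c.isAnnotationPresent(PermitAll.class),
                c.isAnnotationPresent(DenyAll.class));
        return onClass != null ? onClass + " (class)" : "no annotation found";
    }

    // If more than one annotation is present, report the most restrictive one.
    static String describe(RolesAllowed roles, boolean permitAll, boolean denyAll) {
        if (denyAll) return "DenyAll";
        if (roles != null) return "RolesAllowed" + Arrays.toString(roles.value());
        if (permitAll) return "PermitAll";
        return null;
    }

    public static void main(String[] args) {
        for (Method m : PayrollBean.class.getDeclaredMethods()) {
            if (Modifier.isPublic(m.getModifiers()) && !m.isSynthetic()) {
                System.out.println(m.getName() + " -> " + effective(m));
            }
        }
    }
}
```

A report like this is useful in review for spotting business methods that carry no permission annotation at either level.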
The following example code illustrates the use of these annotations:
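// Class-level permission: applies to all applicable business methods of SomeClass
@RolesAllowed("admin")
public class SomeClass {
    public void aMethod () {...}
    public void bMethod () {...}
    ...
}

@Stateless
public class MyBean extends SomeClass implements A {
    // Method-level permission: overrides the class-level value for aMethod
    @RolesAllowed("HR")
    public void aMethod () {...}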
Securing Enterprise Beans
Chapter 29 · Securing Java EE Applications
807