Using Deployment Descriptors
Using Deployment Descriptors
public void cMethod () {...}
...
}
In this example, assuming aMethod, bMethod, and cMethod are methods of business interface A,
the method permissions values of methods aMethod and bMethod are @RolesAllowed("HR")
and @RolesAllowed("admin") respectively. The method permissions for method cMethod have
not been specified.
To clarify, the annotations are not inherited by the subclass per se, they apply to methods of the
superclass which are inherited by the subclass. Also, annotations do not apply to CMP entity
beans.
An example that uses annotations to specify method permissions is described in
Specifying Method Permissions Using Deployment Descriptors
Note
Any values explicitly specified in the deployment descriptor override any values specified
in annotations. If a value for a method has not been specified in the deployment descriptor, and
a value has been specified for that method by means of the use of annotations, the value
specified in annotations will apply. The granularity of overriding is on the per-method basis.
You define the method permissions in the deployment descriptor using the
method-permission
elements, as discussed below:
Each method-permission element includes a list of one or more security roles and a list of
one or more methods. All the listed security roles are allowed to invoke all the listed
methods. Each security role in the list is identified by the role-name element. Each method
(or set of methods) is identified by the method element.
The method permissions relation is defined as the union of all the method permissions
defined in the individual method-permission elements.
A security role or a method can appear in multiple method-permission elements.
Securing Enterprise Beans
The Java EE 5 Tutorial · September 2007
808
