background image

Security Roles

<< Composing the Method Element | Mapping Security Roles >>
<< Composing the Method Element | Mapping Security Roles >>

Security Roles

there are multiple methods with the same overloaded name, however, this style refers to all
of the overloaded methods. All of the parameters are the fully-qualified Java types, for
example, java.lang.String.
<method>
<ejb-name>EJB_NAME</ejb-name>
<method-name>METHOD</method-name>
<method-params>
<method-param>PARAMETER_1</method-param>
<method-param>PARAMETER_2</method-param>
</method-params>
</method>
The following example illustrates how security roles are assigned method permissions in the
deployment descriptor:
...
<method-permission>
<role-name>employee</role-name>
<method>
<ejb-name>EmployeeService</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
<method-permission>
<role-name>employee</role-name>
<method>
<ejb-name>AardvarkPayroll</ejb-name>
<method-name>findByPrimaryKey</method-name>
</method>
<method>
<ejb-name>AardvarkPayroll</ejb-name>
<method-name>getEmployeeInfo</method-name>
</method>
<method>
<ejb-name>AardvarkPayroll</ejb-name>
<method-name>updateEmployeeInfo</method-name>
</method>
</method-permission>
<method-permission>
<role-name>payroll-department</role-name>
<method>
<ejb-name>AardvarkPayroll</ejb-name>
<method-name>findByPrimaryKey</method-name>
</method>
<method>
Securing Enterprise Beans
The Java EE 5 Tutorial · September 2007
810