Enterprise Bean Security Deployment
Using Enterprise Bean Security Deployment Descriptor Elements
Enterprise JavaBeans components use an EJB deployment descriptor that must be named
META-INF/ejb-jar.xml and must be contained in the EJB JAR file. The role of the deployment
descriptor is to relay information to the deployer about security and other aspects of the
application. Specifying this information in annotations or in the deployment descriptor helps
the deployer set up the appropriate security policy for the enterprise bean application. More
detail about the elements contained in deployment descriptors is available in the Sun Java
System Application Server 9.1 Application Deployment Guide.
Note
Using annotations is the recommended method for adding security to enterprise bean
applications.
Any values explicitly specified in the deployment descriptor override any values specified in
annotations. If the deployment descriptor does not specify a value for a method, and an
annotation does specify a value for that method, the value specified in the annotation applies.
Overriding is applied on a per-method basis.
The following is a listing of deployment descriptor elements that address security, can be used
in an enterprise bean, and are discussed in this tutorial:
The security-role-ref element declares each security role referenced in the code. Use of
this element is discussed in
The security-role element defines broad categories of users, and is used to provide access
to protected methods. Use of this element is discussed in
The method-permission element is used to specify method permissions. Use of these
elements is discussed in
The run-as element is used to configure a component's propagated security identity. Use of
this element is discussed in
The schema for ejb-jar deployment descriptors can be found in section 18.5, Deployment
Descriptor XML Schema, in the EJB 3.0 Specification (JSR-220) at
Securing Enterprise Beans
The Java EE 5 Tutorial · September 2007