
Enterprise Bean Security Deployment


Using Enterprise Bean Security Deployment Descriptor Elements

Enterprise JavaBeans components use an EJB deployment descriptor that must be named
META-INF/ejb-jar.xml and must be contained in the EJB JAR file. The role of the deployment
descriptor is to relay information to the deployer about security and other aspects of the
application. Specifying this information in annotations or in the deployment descriptor helps
the deployer set up the appropriate security policy for the enterprise bean application. More
detail about the elements contained in deployment descriptors is available in the Sun Java
System Application Server 9.1 Application Deployment Guide.

Note: Using annotations is the recommended method for adding security to enterprise bean
applications.

Any values explicitly specified in the deployment descriptor override any values specified in
annotations. If the deployment descriptor does not specify a value for a method, and an
annotation does specify a value for that method, the value specified in the annotation
applies. Overriding is applied on a per-method basis.

The following deployment descriptor elements address security, can be used in an enterprise
bean, and are discussed in this tutorial:

- The security-role-ref element declares each security role referenced in the code. Use of
  this element is discussed in "Declaring Security Roles Using Deployment Descriptor
  Elements" on page 803.
- The security-role element defines broad categories of users, and is used to provide access
  to protected methods. Use of this element is discussed in "Defining Security Roles" on
  page 804.
- The method-permission element is used to specify method permissions. Use of these
  elements is discussed in "Specifying Method Permissions Using Deployment Descriptors"
  on page 808.
- The run-as element is used to configure a component's propagated security identity. Use of
  this element is discussed in "Configuring a Component's Propagated Security Identity" on
  page 814.

The schema for ejb-jar deployment descriptors can be found in section 18.5, Deployment
Descriptor XML Schema, in the EJB 3.0 Specification (JSR-220) at
http://jcp.org/en/jsr/detail?id=220.

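The four elements listed above, placed together in one META-INF/ejb-jar.xml, as an added
example that is not part of the original tutorial. The bean name PayrollBean, its methods and
all role names are hypothetical, and the comments assume the bean class carries the
annotations they describe.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- META-INF/ejb-jar.xml (added example; PayrollBean and all roles are hypothetical).
     Assumed annotations on the bean class:
       @RolesAllowed("employee") on getSalary() and on updateSalary()
     The bean code is also assumed to call isCallerInRole("payroll"). -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
         version="3.0">
  <enterprise-beans>
    <session>
      <ejb-name>PayrollBean</ejb-name>
      <!-- Role name referenced in the code, linked to a role defined below. -->
      <security-role-ref>
        <role-name>payroll</role-name>
        <role-link>payroll-dept</role-link>
      </security-role-ref>
      <!-- Security identity the bean propagates when it calls other components. -->
      <security-identity>
        <run-as>
          <role-name>auditor</role-name>
        </run-as>
      </security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>employee</role-name></security-role>
    <security-role><role-name>payroll-dept</role-name></security-role>
    <security-role><role-name>auditor</role-name></security-role>
    <!-- Explicit value for updateSalary only: it overrides the annotation on
         that method, so only payroll-dept may call it. getSalary has no
         descriptor entry and keeps the value from its annotation (employee). -->
    <method-permission>
      <role-name>payroll-dept</role-name>
      <method>
        <ejb-name>PayrollBean</ejb-name>
        <method-name>updateSalary</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

When reviewing such a bean, read the descriptor and the annotations together: any method without a descriptor entry takes its permissions from the annotations.
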
Securing Enterprise Beans
The Java EE 5 Tutorial · September 2007