EJB Container Provided Security

Note that only session beans can be secured with Java EE security services.

Define roles within the system:

```java
public interface Roles {
    String ADMIN = "Administrator";
    String USER = "User";
}
```
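
```java
@Stateless
@DeclareRoles({Roles.ADMIN, Roles.USER})
@RolesAllowed({}) // class-level default: empty role list, so no role is allowed
public class MyClass implements MyClassLocal {

    // public, because the container only checks roles on business method
    // calls; a private method is never invoked through the container
    public void methodThatNobodyCanCall() { /* ... */ }

    // method-level annotation overrides the class-level default
    @RolesAllowed({Roles.ADMIN})
    public void methodThatAdminsCanCall() { /* ... */ }
}
```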

The following annotation allows all users, including unauthenticated anonymous users, to access the class or method it annotates:

```java
@PermitAll
```
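
If the user does not have appropriate permissions, a javax.ejb.EJBAccessException will be raised.

Get the username of the session invoker:

```java
@Resource
private SessionContext context; // injected by the container

// Call this inside a business method: the context is not yet injected
// while the bean's fields are being initialized.
final String callerName = context.getCallerPrincipal().getName();
```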
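
Impersonate (run as another user):

```java
// Calls this bean makes to other beans run with the Administrator role.
@RunAs(Roles.ADMIN)
// Any caller, including an anonymous one, can invoke this bean.
@PermitAll
public class OpenClass implements OpenClassLocal, OpenClassRemote { /* ... */ }
```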
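
The following is an added example, not code from the original page: it combines the role check, `EJBAccessException` and `getCallerPrincipal()` described above so that a denied call is recorded with the caller's name. `AdminFacade`, `runAdminTask` and the shape of `MyClassLocal` are assumptions made for illustration; `Roles` is restated from the page so the file compiles on its own.

```java
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.Local;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Restated from the page so the file compiles on its own.
interface Roles { String ADMIN = "Administrator"; String USER = "User"; }

// Assumed shape of the page's local interface; the page does not show it.
@Local
interface MyClassLocal { void methodThatAdminsCanCall(); }

// Hypothetical facade: reachable by anyone, delegates to the protected bean.
@Stateless
@DeclareRoles({Roles.ADMIN, Roles.USER}) // needed for isCallerInRole()
@PermitAll
public class AdminFacade {
    private static final Logger LOG = Logger.getLogger(AdminFacade.class.getName());

    @Resource
    private SessionContext context; // injected by the container

    @EJB
    private MyClassLocal secured;   // container proxy, so role checks apply

    public boolean runAdminTask() {
        // Resolve the caller inside the business method, after injection.
        final String caller = context.getCallerPrincipal().getName();
        // Programmatic check: refuse early for callers without the role.
        if (!context.isCallerInRole(Roles.ADMIN)) {
            LOG.warning("admin task refused for caller=" + caller);
            return false;
        }
        try {
            secured.methodThatAdminsCanCall();
            return true;
        } catch (EJBAccessException e) {
            // The declarative check on the target bean is authoritative.
            LOG.warning("access denied by container for caller=" + caller);
            throw e;
        }
    }
}
```

The caller's identity propagates from the facade to the target bean unless `@RunAs` is applied, which is why the declarative check on `MyClass` still sees the original caller.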