English 中文(简体)
EJB - Security
  • 时间:2024-12-22

EJB - Security


Previous Page Next Page  

Security is a major concern of any enterprise level apppcation. It includes identification of user(s) or system accessing the apppcation. Based on identification, it allows or denies the access to resources within the apppcation. An EJB container manages standard security concerns or it can be customized to handle any specific security concerns.

Important Terms of Security

    Authentication − This is the process ensuring that user accessing the system or apppcation is verified to be authentic.

    Authorization − This is the process ensuring that authentic user has right level of authority to access system resources.

    User − User represents the cpent or system, which accesses the apppcation.

    User Groups − Users may be part of the group having certain authorities For example administrator s group.

    User Roles − Roles define the level of authority, a user have or permissions to access a system resource.

Container Managed Security

EJB 3.0 has specified following attributes/annotations of security, which EJB containers implement.

    DeclareRoles − Indicates that class will accept the declared roles. Annotations are appped at class level.

    RolesAllowed − Indicates that a method can be accessed by user of role specified. Can be appped at class level resulting which all methods of class can be accessed buy user of role specified.

    PermitAll − Indicates that a business method is accessible to all. It can be appped at class as well as at method level.

    DenyAll − Indicates that a business method is not accessible to any of the user specified at class or at method level.

Example

package com.tutorialspoint.security.required;
 
import javax.ejb.*
 
@Stateless
@DeclareRoles({"student" "pbrarian"})
pubpc class LibraryBean implements LibraryRemote {

   @RolesAllowed({"pbrarian"})
   pubpc void delete(Book book) {
	  //delete book
   }
   
   @PermitAll
   pubpc void viewBook(Book book) {
      //view book
   }
   
   @DenyAll
   pubpc void deleteAll() {
      //delete all books
   } 
}

Security Configuration

Map roles and user groupd in configuration file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Apppcation Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<ejb-jar>
   <security-role-mapping>
      <role-name>student</role-name>
      <group-name>student-group</group-name>
   </security-role-mapping>
   <security-role-mapping>
      <role-name>pbrarian</role-name>
      <group-name>pbrarian-group</group-name>
   </security-role-mapping>  
   <enterprise-beans/>
</ejb-jar>
Advertisements