EJB - Security
Security is a major concern of any enterprise-level application. It includes identifying the user(s) or system accessing the application. Based on that identification, the application allows or denies access to its resources. An EJB container manages standard security concerns, or it can be customized to handle specific security concerns.
Important Terms of Security
Authentication − The process of verifying that the user accessing the system or application is authentic.
Authorization − The process of ensuring that an authenticated user has the right level of authority to access system resources.
User − A user represents the client or system that accesses the application.
User Groups − Users may be part of a group that has certain authorities, for example an administrators group.
User Roles − Roles define the level of authority a user has, or the permissions to access a system resource.
Container Managed Security
EJB 3.0 specifies the following security attributes/annotations, which EJB containers implement.
DeclareRoles − Indicates that the class will accept the declared roles. The annotation is applied at class level.
RolesAllowed − Indicates that a method can be accessed by a user with one of the specified roles. It can also be applied at class level, in which case all methods of the class can be accessed by a user with the specified role.
PermitAll − Indicates that a business method is accessible to all. It can be applied at class level as well as at method level.
DenyAll − Indicates that a business method is not accessible to any user. It can be specified at class level or at method level.
Example
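package com.tutorialspoint.security.required;

// The security annotations live in javax.annotation.security, not javax.ejb.
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"student", "librarian"})
public class LibraryBean implements LibraryRemote {

   // Only callers in the librarian role may delete a book.
   @RolesAllowed({"librarian"})
   public void delete(Book book) {
      //delete book
   }

   // Any caller may view a book.
   @PermitAll
   public void viewBook(Book book) {
      //view book
   }

   // No caller may invoke this method.
   @DenyAll
   public void deleteAll() {
      //delete all books
   }
}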
Security Configuration
Map roles to user groups in the configuration file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<!-- The root element must match the name given in the DOCTYPE (sun-ejb-jar). -->
<sun-ejb-jar>
   <!-- Each mapping ties a role used in the bean annotations to a user group. -->
   <security-role-mapping>
      <role-name>student</role-name>
      <group-name>student-group</group-name>
   </security-role-mapping>
   <security-role-mapping>
      <role-name>librarian</role-name>
      <group-name>librarian-group</group-name>
   </security-role-mapping>
   <enterprise-beans/>
</sun-ejb-jar>
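The following added example (not part of the original tutorial) shows how a class-level RolesAllowed default interacts with method-level overrides, and how the roles named in DeclareRoles can back a programmatic, data-dependent check through SessionContext. The package, the LoanBean class, its methods and the in-memory LOANS map are hypothetical; the bean assumes the student and librarian role mappings shown above and a container that supports the EJB 3.1 no-interface view.

```java
package com.example.library; // hypothetical package, not from the tutorial

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"student", "librarian"})   // roles referenced by isCallerInRole()
@RolesAllowed("librarian")                // class-level default for every method
public class LoanBean {

    @Resource
    private SessionContext ctx;           // injected by the container

    // bookId -> borrower login; in-memory stand-in for a real data store
    private static final Map<String, String> LOANS = new ConcurrentHashMap<>();

    // No method annotation: inherits the class-level librarian-only rule.
    public void cancelLoan(String bookId) {
        LOANS.remove(bookId);
    }

    @PermitAll                            // overrides the class-level rule
    public boolean isOnLoan(String bookId) {
        return LOANS.containsKey(bookId);
    }

    @RolesAllowed({"student", "librarian"})
    public void returnBook(String bookId) {
        String caller = ctx.getCallerPrincipal().getName();
        String borrower = LOANS.get(bookId);
        // Data-dependent rule that annotations cannot express:
        // a student may only return a book they borrowed themselves.
        if (!ctx.isCallerInRole("librarian") && !caller.equals(borrower)) {
            throw new EJBAccessException("not the borrower of " + bookId);
        }
        LOANS.remove(bookId);
    }

    @DenyAll                              // blocked for every caller
    public void purgeAllLoans() {
        LOANS.clear();
    }
}
```

A method with no annotation of its own, such as cancelLoan, is the one to review most carefully, because its access rule is decided entirely by the class-level annotation.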