Using Annotations

Annotations enable a declarative style of programming, and so encompass both the declarative and programmatic security concepts. Users can specify information about security within a class file using annotations. When the application is deployed, this information is used by the Application Server. Not all security information can be specified using annotations, however. Some information must be specified in the application deployment descriptors.

Annotations let you avoid writing boilerplate code under many circumstances by enabling tools to generate it from annotations in the source code. This leads to a declarative programming style, where the programmer says what should be done and tools emit the code to do it. It also eliminates the need for maintaining side files that must be kept up to date with changes in source files. Instead the information can be maintained in the source file.

In this tutorial, specific annotations that can be used to specify security information within a class file are described in the following sections:

• Declaring Security Requirements Using Annotations

• Using Enterprise Bean Security Annotations

The following are sources for more information on annotations:

• JSR 175: A Metadata Facility for the Java Programming Language

• JSR 181: Web Services Metadata for the Java Platform

• JSR 250: Common Annotations for the Java Platform

• The Java SE discussion of annotations

Links to this information are provided in Further Information about Security.