Oracle® Containers for J2EE Enterprise JavaBeans Developer's Guide 10g (10.1.3.1.0) Part Number B28221-02
In an EJB 3.0 application, you can use the javax.annotation.security annotations defined in JSR250 to configure security options on EJB 3.0 session beans.
Table 22-2 summarizes the security annotations that OC4J supports. For an example of how to use these annotations, see "Using Annotations".
Table 22-2 Security Annotations
Annotation | Description | Applicable To |
---|---|---|
@RunAs | Defines the role of the application during execution in a Java EE container. The role must map to the user/group information in the container's security realm. For more information, see "Specifying the runAs Security Identity". | Class |
@RolesAllowed | Specifies the security roles permitted to access methods in an application. For more information, see "Specifying a Role for an EJB Method". | Class, method, or both. Method specification overrides class specification if present. |
@PermitAll | Specifies that all security roles are allowed to invoke the specified methods. For more information, see "Specifying Unchecked Security for EJB Methods". | Class or method. Class specification applies to all methods. Method specification applies only to that method. |
@DenyAll | Specifies that no security roles are allowed to invoke the specified methods. | Class or method. Class specification applies to all methods. Method specification applies only to that method. |
@DeclareRoles | Specifies the security roles used by the application. | Class |
When using @PermitAll, @DenyAll and @RolesAllowed annotations, observe the following restrictions:

- @PermitAll, @DenyAll, and @RolesAllowed annotations must not be applied on the same method or class.
- In the following cases, the method level annotations take precedence over the class level annotation:
  - @PermitAll is specified at the class level and @RolesAllowed or @DenyAll are specified on methods of the same class;
  - @DenyAll is specified at the class level and @PermitAll or @RolesAllowed are specified on methods of the same class;
  - @RolesAllowed is specified at the class level and @PermitAll or @DenyAll are specified on methods of the same class.
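The precedence rules above can be checked by reflection. The following is an added example, not code from the Oracle guide or its downloadable how-to: `AccountBean`, its role names and `EffectiveAccess` are hypothetical, and it assumes the JSR250 and EJB 3.0 API classes are on the classpath.

```java
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.Arrays;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

// Hypothetical bean (business interface omitted): the class-level
// @RolesAllowed is the default, and method-level annotations override it.
@Stateless
@DeclareRoles({"teller", "auditor"})
@RolesAllowed("teller")
class AccountBean {
    public void deposit(long cents) { }                  // class level: teller
    @RolesAllowed("auditor")
    public String history() { return ""; }               // method level: auditor
    @PermitAll
    public String branchHours() { return "9-17"; }       // method level: all roles
    @DenyAll
    public void purgeLedger() { }                        // method level: no roles
}

public class EffectiveAccess {
    // Rule declared directly on one element, or null if it carries none.
    // Rejects more than one of the three annotations on a single element.
    static String rule(AnnotatedElement e) {
        RolesAllowed ra = e.getAnnotation(RolesAllowed.class);
        boolean permit = e.isAnnotationPresent(PermitAll.class);
        boolean deny = e.isAnnotationPresent(DenyAll.class);
        if ((ra != null ? 1 : 0) + (permit ? 1 : 0) + (deny ? 1 : 0) > 1)
            throw new IllegalStateException("conflicting annotations on " + e);
        if (ra != null) return "roles " + Arrays.toString(ra.value());
        return permit ? "all roles" : deny ? "no roles" : null;
    }

    // Method-level rule wins; otherwise fall back to the class-level rule.
    static String effective(Method m) {
        String r = rule(m);
        if (r == null) r = rule(m.getDeclaringClass());
        return r != null ? r : "unspecified";
    }

    public static void main(String[] args) {
        for (Method m : AccountBean.class.getDeclaredMethods())
            System.out.println(m.getName() + " -> " + effective(m));
    }
}
```

Running such a check over bean classes at build time surfaces methods that silently inherit a broad class-level rule, and elements that carry more than one of the three annotations.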
Note:
You can download an EJB 3.0 security annotation code example from: http://www.oracle.com/technology/tech/java/oc4j/ejb3/howtos-ejb3/howtoejb30security/doc/how-to-ejb30-security-ejb.html.

Example 22-9 shows how to use the @RolesAllowed annotation. For more information and examples, see the JSR250 specification.