Understanding and declaring roles
Roles are defined within an application in one of two ways: using the @DeclareRoles annotation or the @RolesAllowed annotation. This recipe details the @DeclareRoles annotation; the @RolesAllowed annotation is introduced here and developed further in the Controlling security using declarations recipe.
Configuring roles involves two basic steps:
- Using the @DeclareRoles annotation to specify the roles used by the class
- Adding the @RolesAllowed annotation to restrict access to methods
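Both steps on one stateless session bean, as an added example that is not part of the original recipe. The bean name, role names and approval limit are hypothetical, and the javax.* imports assume Java EE (Jakarta EE 9 and later use jakarta.* instead).

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean: VoucherManager, "employee" and "manager" are illustrative names.
@Stateless
@DeclareRoles({"employee", "manager"})   // Step 1: class-level list of the roles this EJB refers to
public class VoucherManager {

    // Assumed business rule for the example only
    private static final double AUTO_APPROVE_LIMIT = 100.0;

    @Resource
    private SessionContext context;      // injected by the container

    // Step 2: the container checks the caller's role before the method body runs.
    // A caller who is not in "manager" gets a javax.ejb.EJBAccessException.
    @RolesAllowed("manager")
    public String approve(long voucherId) {
        return "Voucher " + voucherId + " approved by "
                + context.getCallerPrincipal().getName();
    }

    // Either declared role may call this method.
    @RolesAllowed({"employee", "manager"})
    public String submit(double amount) {
        String caller = context.getCallerPrincipal().getName();
        // Programmatic check against a role named in @DeclareRoles:
        // only a manager's small vouchers skip the approval queue.
        if (context.isCallerInRole("manager") && amount <= AUTO_APPROVE_LIMIT) {
            return "APPROVED for " + caller;
        }
        return "PENDING for " + caller;
    }
}
```

The role names are logical names; the application server's own configuration maps them to real users and groups.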
The @DeclareRoles annotation, as its name implies, declares the roles used by the application and is applied at the class level. That is, these are the roles to be used with the annotated EJB. The ...