Controlling security using declarations

Declarative security grants users, identified by their roles, access to the methods of a class. It is expressed through annotations that permit certain roles to use a method, permit all roles to use it, or deny access to all roles.

Getting ready

The application developer needs to determine which users (roles) should be permitted to access which methods. Once this has been determined, the classes and methods are annotated to effect these decisions.

Declarative security can be achieved using any of several annotations, including @RolesAllowed, @PermitAll, and @DenyAll. Each of these annotations has restrictions on where it can be used.

Annotation | Use With | Description

@PermitAll ...
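The three annotations applied to one bean, as an added example that is not taken from the book. The bean `VoucherManager`, its methods and the roles `employee` and `manager` are hypothetical; the annotations are the standard `javax.annotation.security` ones, and the code needs the Java EE API on the classpath and a container to enforce it.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Singleton;

// Hypothetical bean and role names, constructed for this example.
@Singleton
@DeclareRoles({"employee", "manager"})
@RolesAllowed("manager") // class-level default: applies to every method without its own annotation
public class VoucherManager {

    private final Map<Long, String> status = new ConcurrentHashMap<>();

    // Method-level annotation overrides the class-level default:
    // both roles may submit a voucher.
    @RolesAllowed({"employee", "manager"})
    public void submit(long voucherId) {
        status.putIfAbsent(voucherId, "SUBMITTED");
    }

    // No annotation here, so the class-level @RolesAllowed("manager") applies.
    // A caller without that role gets javax.ejb.EJBAccessException from the
    // container before this body runs.
    public boolean approve(long voucherId) {
        return status.replace(voucherId, "SUBMITTED", "APPROVED");
    }

    // Any caller may read the status.
    @PermitAll
    public String statusOf(long voucherId) {
        return status.getOrDefault(voucherId, "UNKNOWN");
    }

    // No role may invoke this method through the container.
    @DenyAll
    public void purgeAll() {
        status.clear();
    }
}
```

Putting the most restrictive role at class level means a method added later without an annotation is restricted to that role rather than left without a declaration.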
