Appendix G. Security: Secured School Example

Description

To be secure, multiuser applications must account for differences between user types. For instance, a system administrator may need access to alter records that are hidden from typical users. Coding security logic inside our applications, however, mixes concerns and makes code less maintainable. EJB therefore provides, as a service, a role-based security model that is both declarative (via metadata) and programmatic (via an API).

In this example we model a school with strict policies about who can open the doors when. Here we showcase the use of @RolesAllowed, @DeclareRoles, @RunAs and @PermitAll.
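The following is an added example, not taken from the book's listing: a no-interface singleton showing how the declarative annotations and the programmatic API named above combine. The class name SchoolDoorsBean, its methods and the role names are assumptions made for illustration, and @RunAs is not shown.

```java
// Added illustration; class, method and role names are hypothetical.
package example.secureschool;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.EJBContext;
import javax.ejb.LocalBean;
import javax.ejb.Singleton;

@Singleton
@LocalBean
// Roles referenced by isCallerInRole() must be declared up front.
@DeclareRoles({"Administrator", "Janitor", "Student"})
// Class-level default: methods without their own annotation are Administrator-only.
@RolesAllowed("Administrator")
public class SchoolDoorsBean {

    @Resource
    private EJBContext context; // programmatic view of the caller's security context

    private boolean open;

    // Declarative: any caller may ask whether the school is open.
    @PermitAll
    public boolean isOpen() {
        return open;
    }

    // No method-level annotation, so the class-level default applies.
    public void open() { open = true; }

    public void close() { open = false; }

    // Declarative gate first (container rejects callers in none of these roles),
    // then a state-dependent rule that metadata alone cannot express.
    @RolesAllowed({"Administrator", "Janitor", "Student"})
    public void openFrontDoor() {
        boolean staff = context.isCallerInRole("Administrator")
                || context.isCallerInRole("Janitor");
        if (!open && !staff) {
            // Same exception type the container raises for a declarative denial.
            throw new EJBAccessException("School is closed; only staff may enter");
        }
    }
}
```

Because the restrictive annotation sits at class level, a method added later without its own annotation is limited to Administrator rather than exposed to every caller.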

Source Listing

Following is a full listing of all source code used in this runnable example.

Implementation Resources

FireDepartmentLocalBusiness.java

package org.jboss.ejb3.examples.ch15.secureschool.api;

/**
 * Represents a fire department capable of declaring
 * a state of emergency. Anyone may invoke this support,
 * and when an alert is raised we'll close the local school.
 *
 * @author <a href="mailto:andrew.rubinger@jboss.org">ALR</a>
 * @version $Revision: $
 */
public interface FireDepartmentLocalBusiness {
   // ---------------------------------------------------------------------------||
   // Contracts -----------------------------------------------------------------||
   ...
