The following sections describe declarative and programmatic security mechanisms that can be used to protect resources in the EJB tier. The protected resources include methods of enterprise beans that are called from the application clients, Web components, or other enterprise beans.
You can protect EJB-tier resources by doing the following:
Declaring method permissions
Mapping roles to J2EE users and groups
After you’ve defined the roles, you can define the method permissions of an enterprise bean. Method permissions indicate which roles are allowed to invoke which methods.
Use the following procedure in deploytool to specify method permissions by mapping roles to methods.
Select the enterprise ...