Security and EJBs
EJB security is determined either by the declarative entries added to the DD, the programmatic constraints coded into the EJBs, or a combination of both.
Ideally, EJB security should only use the declarative approach, but where declarative security cannot represent the application's requirements, security must be encoded in the EJB class. The programmatic security is less portable and may restrict the way an application assembler can combine beans from different sources.
Defining EJB Security
Defining security for an EJB involves
Defining one or more roles to control access to different areas of your application
Restricting access to EJBs and EJB methods according to the clients roles
Mapping roles onto principals in the authentication ...
Get Sams Teach Yourself J2EE™ in 21 Days now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.