Security and EJBs

EJB security is determined either by the declarative entries added to the DD, the programmatic constraints coded into the EJBs, or a combination of both.

Ideally, EJB security should only use the declarative approach, but where declarative security cannot represent the application's requirements, security must be encoded in the EJB class. The programmatic security is less portable and may restrict the way an application assembler can combine beans from different sources.

Defining EJB Security

Defining security for an EJB involves

  • Defining one or more roles to control access to different areas of your application

  • Restricting access to EJBs and EJB methods according to the clients roles

  • Mapping roles onto principals in the authentication ...

Get Sams Teach Yourself J2EE™ in 21 Days now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.