Security roles and method permissions

You can use UML class diagrams to visually manage EJB security. This includes creating security roles and configuring method permissions. Only the support for configuring security for EJB 3.0 beans using security annotations is discussed here.

An EJB 3.0 security configuration involves the creation of required security roles and the definition of the EJB method security permissions. Linking of security roles to roles defined in the container is not discussed here. This is typically done using annotations. The following steps document how this is achieved:

To create a security role for a specific EJB, right-click the bean and select Add EJB 3.0 → Security → Declare Roles. In the Declare the Roles dialog (Figure 7-12, left), click the Add button and provide the name of a security role, for example, Customer. Click Finish on the add dialog and then click Finish again in the Declare the Roles dialog to complete the process.

This adds the annotation @DeclareRoles(value="Customer") to the source code for the EJB, and the EJB shown in the class diagram is updated with <<DeclaredRoles>> to indicate that a security role is now present (Figure 7-12, right side).

Figure 7-12 Declare the roles dialog and diagram stereotype

To define method permissions for an EJB 3.0 session bean, select a bean method in the class diagram, for example, getCustomersAll. Right-click the selected method and select Add EJB 3.0 → Security → Set Allowed Roles. The roles permitted to execute the method can then be selected from the Set Allowed Roles dialog. This adds the annotation @RolesAllowed(value="Customer") to the getCustomersAll method in the source file for the bean and updates the method in the class diagram with <<RolesAllowed>>. Figure 7-13 shows an EJB with method permissions set for the getCustomersAll method.

Figure 7-13 EJB 3.0 session bean with method permissions
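
The following is an added example, not code from the original page or from the product: a sample bean carrying the two annotations that the dialogs generate, and a reflection check that lists public bean methods with no permission annotation. The names MethodPermissionAudit, CustomerFacade, removeCustomer, hasPermission, and unprotectedMethods are assumptions made for illustration. It assumes that the Java EE API (javax.annotation.security, javax.ejb) is on the class path and that no deployment descriptor assigns permissions.

```java
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

public class MethodPermissionAudit {

    // Constructed sample bean, inspected by reflection only and never deployed.
    // The two security annotations are the ones the dialogs add to the source.
    @Stateless
    @DeclareRoles(value = "Customer")
    public static class CustomerFacade {
        @RolesAllowed(value = "Customer")
        public List<String> getCustomersAll() { return new ArrayList<String>(); }

        // Hypothetical method without a permission annotation. Unless the deployer
        // assigns a permission, the container treats it as unchecked (any caller).
        public void removeCustomer(String id) { }
    }

    static boolean hasPermission(AnnotatedElement e) {
        return e.isAnnotationPresent(RolesAllowed.class)
            || e.isAnnotationPresent(PermitAll.class)
            || e.isAnnotationPresent(DenyAll.class);
    }

    // Names of public methods declared on the bean class that carry no permission
    // annotation, either on the method or as a class-level default.
    static List<String> unprotectedMethods(Class<?> bean) {
        List<String> names = new ArrayList<String>();
        if (hasPermission(bean)) return names; // class-level annotation covers all methods
        for (Method m : bean.getDeclaredMethods()) {
            if (Modifier.isPublic(m.getModifiers()) && !m.isSynthetic() && !hasPermission(m)) {
                names.add(m.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        System.out.println(unprotectedMethods(CustomerFacade.class));
    }
}
```

Declaring a role with @DeclareRoles does not restrict any method by itself; only the methods that also receive @RolesAllowed are limited to that role.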

ibm.com/redbooks