Declaring Security Roles Using Annotations in Java

Chapter 11 - Security Management


  • Declaring Security Roles Using Annotations

    The @DeclareRoles annotation is specified on a bean class, where it serves to declare roles that can be tested by calling isCallerInRole from within the methods of the annotated class.

    Declare the security roles referenced in the code using the @DeclareRoles annotation. The role name declared in the annotation must be the same as the value passed as the parameter to the isCallerInRole(String roleName) method.

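    import javax.annotation.Resource;
    import javax.annotation.security.DeclareRoles;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;

    // Declares "payroll" so it can be tested with isCallerInRole below
    @DeclareRoles("payroll")
    @Stateless public class PayrollBean implements Payroll {
        @Resource SessionContext ctx;

        public void updateEmployeeInfo(EmplInfo info) {

            EmplInfo oldInfo = ... read from database;

            // The salary field can be changed only by callers
            // who have the security role "payroll"
            if (info.salary != oldInfo.salary &&
                !ctx.isCallerInRole("payroll")) {
                    throw new SecurityException(...);
            }
            ...
        }
        ...
    }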
    

    • Declare the name of the security role using the role-name element in the deployment descriptor. The name must be the security role name that is used as a parameter to the isCallerInRole(String roleName) method.

    • Provide a description of the security role in the description element.

    ...
    <enterprise-beans>
        ...
        <session>
            <ejb-name>AardvarkPayroll</ejb-name>
            <ejb-class>com.aardvark.payroll.PayrollBean</ejb-class>
            ...
            <security-role-ref>
                <description>
                    This security role should be assigned to the
                    employees of the payroll department who are
                    allowed to update employees’ salaries.
                </description>
                <role-name>payroll</role-name>
            </security-role-ref>
            ...
        </session>
        ...
    </enterprise-beans>
    ...
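
Because the name in the role-name element must equal the string passed to isCallerInRole, the two can be compared at build time. The following is an added example, not code from the original page or from the EJB specification: the class name RoleRefCheck, the sample descriptor and the list of role names used in code are constructed for illustration, and only session beans are examined.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class RoleRefCheck {
    // Constructed sample descriptor, modelled on the page's AardvarkPayroll bean.
    static final String DESCRIPTOR =
        "<ejb-jar><enterprise-beans><session>"
      + "<ejb-name>AardvarkPayroll</ejb-name>"
      + "<security-role-ref><role-name>payroll</role-name></security-role-ref>"
      + "</session></enterprise-beans></ejb-jar>";

    static String text(Element e, String tag) {
        return e.getElementsByTagName(tag).item(0).getTextContent().trim();
    }

    // Role names declared through security-role-ref for one session bean.
    static Set<String> declaredRoles(String xml, String ejbName) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The checker needs no DTD; refusing DOCTYPE keeps it safe from XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Set<String> roles = new TreeSet<>();
        NodeList beans = doc.getElementsByTagName("session");
        for (int i = 0; i < beans.getLength(); i++) {
            Element bean = (Element) beans.item(i);
            if (!text(bean, "ejb-name").equals(ejbName)) continue;
            NodeList refs = bean.getElementsByTagName("security-role-ref");
            for (int j = 0; j < refs.getLength(); j++)
                roles.add(text((Element) refs.item(j), "role-name"));
        }
        return roles;
    }

    // isCallerInRole arguments with no exactly matching declared role name.
    static List<String> undeclared(Set<String> declared, Collection<String> used) {
        List<String> problems = new ArrayList<>();
        for (String u : used) {
            if (declared.contains(u)) continue;
            boolean caseOnly = declared.stream().anyMatch(d -> d.equalsIgnoreCase(u));
            problems.add(u + (caseOnly ? " (case mismatch)" : " (not declared)"));
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed role names, as if collected from PayrollBean's isCallerInRole calls.
        List<String> used = List.of("payroll", "Payroll", "hr-admin");
        System.out.println(undeclared(declaredRoles(DESCRIPTOR, "AardvarkPayroll"), used));
    }
}
```

The comparison is an exact string match, so a name that differs from the declared one only in capitalization is reported separately from one that is missing altogether.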
    

© 2015 by Learncertification All Rights Reserved. The certification names are the trademarks of their respective owners.