Chapter 11 - Security Management
With container-managed security, method permissions are declared in the enterprise bean deployment descriptor. Container-managed security makes an enterprise bean more flexible.
A security role is a name given to a grouping of information resource access permissions that are defined for an application.
Associating a principal with this security role grants the associated access permissions to that principal.
Deployment descriptor (ejb-jar.xml) for an entity bean that is using container-managed security:
<assembly-descriptor>
  <security-role>
    <role-name>adm_role</role-name>
  </security-role>
  <method-permission>
    <description>only remote access</description>
    <role-name>adm_role</role-name>
    <method>
      <ejb-name>EntityBMP</ejb-name>
      <method-intf>Remote</method-intf>
      <method-name>withdraw</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
The <method-permission> element identifies the only security role that is allowed to invoke the withdraw method on the remote interface. The element consists of an optional description, a list of security role names, and a list of method elements.
The <security-role> element contains the definition of a security role used by the bean. The security roles used in the <method-permission> element must be defined in the <security-role> elements of the deployment descriptor.
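The rule above (every role named in a <method-permission> must be declared in a <security-role>) can be checked before deployment. The following is an added example, not part of the original page: it audits a descriptor for undeclared roles and also lists declared roles that no permission uses. The function names, the roles audit_role and ops_role, and the deposit method are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's descriptor plus one permission that names
# a role ("audit_role") with no matching <security-role>, and one declared
# role ("ops_role") that no permission uses. "deposit" is hypothetical.
SAMPLE = """<ejb-jar>
 <assembly-descriptor>
  <security-role><role-name>adm_role</role-name></security-role>
  <security-role><role-name>ops_role</role-name></security-role>
  <method-permission>
   <description>only remote access</description>
   <role-name>adm_role</role-name>
   <method>
    <ejb-name>EntityBMP</ejb-name>
    <method-intf>Remote</method-intf>
    <method-name>withdraw</method-name>
   </method>
  </method-permission>
  <method-permission>
   <role-name>audit_role</role-name>
   <method>
    <ejb-name>EntityBMP</ejb-name>
    <method-name>deposit</method-name>
   </method>
  </method-permission>
 </assembly-descriptor>
</ejb-jar>"""

def child_text(node, tag, default=""):
    """Trimmed text of a direct child element, or default when absent."""
    return (node.findtext(tag) or default).strip()

def audit_descriptor(xml_source):
    """Return (undeclared role uses, declared roles that are never granted)."""
    root = ET.fromstring(xml_source)
    for el in root.iter():               # drop XML namespaces, if present
        el.tag = el.tag.split("}")[-1]
    declared = {child_text(r, "role-name") for r in root.iter("security-role")}
    used, undeclared = set(), []
    for perm in root.iter("method-permission"):
        roles = [(r.text or "").strip() for r in perm.findall("role-name")]
        used.update(roles)
        for m in perm.findall("method"):
            target = (child_text(m, "ejb-name"), child_text(m, "method-name"),
                      child_text(m, "method-intf", "any"))
            undeclared += [(role, *target) for role in roles if role not in declared]
    return undeclared, sorted(declared - used)

if __name__ == "__main__":
    undeclared, unused = audit_descriptor(SAMPLE)
    print("undeclared roles:", undeclared)
    print("unused roles:", unused)
```

Each undeclared entry is a tuple of role, bean, method and interface, so a build step can fail on a non-empty list and point at the exact permission.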