[CONF] OpenEJB: Security Annotations (page created)

Tue, 11 Sep 2007 15:31:33 -0700

Page Created : OPENEJB : Security Annotations

Security Annotations has been created by David Blevins (Sep 11, 2007).

Content:

This page shows the correct usage of the security related annotations:

  • javax.annotation.security.RolesAllowed
  • javax.annotation.security.PermitAll
  • javax.annotation.security.DenyAll
  • javax.annotation.security.RunAs
  • javax.annotation.security.DeclareRoles

Basic idea

  • By default all methods of a business interface are accessible, logged in or not
  • The annotations go on the bean class, not the business interface
  • Security annotations can be applied to entire class and/or individual methods
  • The names of any security roles used must be declared via @DeclaredRoles

Restricting a Method

Restrict the 'svnCommit' method to only individuals logged in and part of the "committer" role. Note that more than one role can be listed.

@Stateless
@DeclareRoles({"committer"})
public class OpenSourceProjectBean implements Project {

    @RolesAllowed({"committer"})
    public String svnCommit(String s) {
        return s;
    }
}

DeclaredRoles

You need to update the @DeclaredRoles when referencing more roles in your annotations.

@Stateless
@DeclareRoles({"committer", "contributor"})
public class OpenSourceProjectBean implements Project {

    @RolesAllowed({"committer"})
    public String svnCommit(String s) {
        return s;
    }

    @RolesAllowed({"contributor"})
    public String submitPatch(String s) {
        return s;
    }
}

Restricting all methods in a class

@Stateless
@DeclareRoles({"committer", "contributor"})
public class OpenSourceProjectBean implements Project {

    @RolesAllowed({"committer"})
    public String svnCommit(String s) {
        return s;
    }

    @RolesAllowed({"contributor"})
    public String submitPatch(String s) {
        return s;
    }
}

Example

Business Interface
public static interface Project {

    public String svnCommit(String s);
    public String submitPatch(String s);
    public String svnCheckout(String s);
    public String deleteProject(String s);
    public boolean isCallerInRole(String s);
}
@Stateless
@DeclareRoles({"committer", "contributor","community"})
public class FooBean implements Project {

    @Resource
    private SessionContext context;

    @RolesAllowed({"committer"})
    public String svnCommit(String s) {
        return s;
    }

    @RolesAllowed({"committer", "contributor"})
    public String submitPatch(String s) {
        return s;
    }

    @PermitAll
    public String svnCheckout(String s) {
        return s;
    }

    @DenyAll
    public String deleteProject(String s) {
        return s;
    }

    public boolean isCallerInRole(String role){
        return context.isCallerInRole(role);
    }
}
@Stateless
@RunAs("contributor")
@DeclareRoles({"committer", "contributor","community"})
public class BarBean implements Project {

    @Resource
    private SessionContext context;

    @RolesAllowed({"committer"})
    public String svnCommit(String s) {
        return s;
    }

    @RolesAllowed({"committer", "contributor"})
    public String submitPatch(String s) {
        return s;
    }

    @PermitAll
    public String svnCheckout(String s) {
        return s;
    }

    @DenyAll
    public String deleteProject(String s) {
        return s;
    }

    @PermitAll
    public boolean isCallerInRole(String role){
        return context.isCallerInRole(role);
    }
}

Powered by Atlassian Confluence (Version: 2.2.9 Build:#527 Sep 07, 2006) - Bug/feature request

Unsubscribe or edit your notifications preferences

Reply via email to