[jboss-user] [Security & JAAS/JBoss] - Re: Latest JAAS Tutorial for Database communication

smeaggie Mon, 19 Feb 2007 23:36:18 -0800

ah that's quiet another story, I described securing a web app, not ejb's. You 
must annotate the EJB's with the security domain and allowed roles, like this: 
(assuming you work with EJB3 that is)
@Stateless()
  | @SecurityDomain("exampleDomain")
  | public class MyBean implements MyBeanRemote {
  |    /**
  |     * allowed to everyone
  |     */
  |    @PermitAll()
  |    public String getSimpleString() {
  |       return "unsecure";
  |    }
  |    
  |    /**
  |     * Only 'admin' role allowed
  |     */
  |    @RolesAllowed({"Admin"})
  |    public String getAdvancedString() {
  |       return "secured";
  |    }
  | }
I'm not experienced with remote clients, all my clients are local... Someone 
else has to fill in that part.


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4019216#4019216

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4019216
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security & JAAS/JBoss] - Re: Latest JAAS Tutorial for Database communication

Reply via email to