Hi,

I have RESTful web service

    @Path("/education")  
    public class EducationRest {  
          
        @EJB  
        private EducationBean service;  
          
        @GET  
        @Path("/readAll")  
        @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})  
        public List<EducationDTO> read() throws NamingException {  
            return service.readAllEducations();  
        }  
    ...  

and web.xml security constraints

    ...  
    <security-role>  
        <role-name>admin</role-name>  
    </security-role>  
    <security-constraint>  
        <web-resource-collection>  
            <web-resource-name>Administrator permissions</web-resource-name>  
            <url-pattern>/education/*</url-pattern>  
        </web-resource-collection>  
        <auth-constraint>  
             <role-name>admin</role-name>  
        </auth-constraint>  
    </security-constraint>  
    ...  

Do I have to specify security constraints again in the ejb-jar.xml for every
local EJB or local beans can be unchecked(@PermitAll)?

    @Stateless  
    public class EducationBean {  
      ...  
      public List<EducationDTO> readAllEducations(){  
        ...  
      }  
    }  

    ...  
    <assembly-descriptor>  
        <method-permission>  
            <role-name>admin</role-name>  
            <method>  
                <ejb-name>EducationBean</ejb-name>  
                <method-name>*</method-name>  
            </method>  
        </method-permission>  
    </assembly-descriptor>  
    ...  

Thank you,
Dragan.



--
View this message in context: 
http://tomee-openejb.979440.n4.nabble.com/Local-EJB-security-tp4680357.html
Sent from the TomEE Users mailing list archive at Nabble.com.

Reply via email to