Defining method permissions for EJB 2.x modules

You can use the Method Permission wizard to add permissions to enterprise beans on the method level.

Before you begin

For EJB 1.1 projects, you must define a security role before you can add a method permission to an enterprise bean. For EJB 2.x projects, method permissions can specify a security role to use for the method permission, or you can specify that the selected methods from the selected beans do not require authorization to execute.

Procedure

  1. In the Enterprise Explorer view of the Java™ EE perspective, right-click the deployment descriptor for your EJB project and select Open With > Deployment Descriptor Editor to open the deployment descriptor editor.
  2. On the Assembly page of the editor, click Add in the Method Permissions section.
  3. For EJB 2.x projects, complete one of the following options, then click Next:
    • Select the Security roles radio button, and select the existing security roles that is used to check authorization before the method is invoked.
    • Select the Cleared radio button. This method allows you to specify that certain methods do not require authorization before they can be invoked.
  4. For EJB 1.x projects, select the existing security roles that is used to check authorization before the method is invoked, then click Next.
  5. Select one or more enterprise beans from the list of beans found and click Next.
  6. Select the methods that you want to define permissions for.
    Tip: All the methods associated with the selected enterprise bean are listed. You can use the Apply to All and Clear All buttons to quickly select or clear multiple methods. It checks only the '*' method per bean. Creating a method permission for the exact method signature overrides the default ('*') method permission setting. The '*' method represents all the methods within the bean. Also there are '*' per interface as well. By not checking all the individual methods in the tree, you can set other permissions on the remaining methods.
  7. Click Finish.

Results

After the method permission has been created, you will see newly created method permission in the tree. If you expand the tree, the bean and methods that are defined in the method permission are displayed.

What to do next

After you define method permissions, you can use the deployment descriptor editor to work with them:

Feedback