Securing EJBs

You can provide security for your EJB application using annotations or using deployment descriptors.

Before Java™ EE 5, if you wanted to use authorization for a given application, you needed to specify authorization information in the application deployment descriptors ejb-jar.xml or web.xml. Starting with Java EE 5, you can set up security in your application directly using annotations.

Common security annotations

JSR 250 defines a number of common security annotations. Five security annotations are defined:
Example:
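	import javax.annotation.security.PermitAll;
	import javax.annotation.security.RolesAllowed;
	import javax.ejb.Stateless;

	// Test is the bean's business interface (not shown here).
	@Stateless
	@RolesAllowed("team")	// class-level default for every business method
	public class TestEJB implements Test {
		@PermitAll	// method-level annotation overrides the class-level one
		public String hello(String msg) {
			return "Hello, " + msg;
		}

		// No annotation of its own: the class-level @RolesAllowed("team") applies.
		public String goodbye(String msg) {
			return "Goodbye, " + msg;
		}
	}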
 

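In this example, the hello() method is accessible by everyone, because its method-level @PermitAll overrides the class-level annotation. The goodbye() method has no annotation of its own, so it inherits the class-level @RolesAllowed("team") and is accessible only by users of role team.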
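The same access rules expressed in the ejb-jar.xml deployment descriptor, as an added example that is not part of the original page. It assumes the EJB 3.0 descriptor schema and that the bean keeps its default EJB name, TestEJB (the unqualified class name).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: descriptor equivalent of the annotated TestEJB above.
     Assumes the default ejb-name "TestEJB" and the EJB 3.0 schema. -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"
         version="3.0">
  <assembly-descriptor>
    <!-- Declare the role referenced by the permissions below. -->
    <security-role>
      <role-name>team</role-name>
    </security-role>

    <!-- Equivalent of @RolesAllowed("team") applying to goodbye(). -->
    <method-permission>
      <role-name>team</role-name>
      <method>
        <ejb-name>TestEJB</ejb-name>
        <method-name>goodbye</method-name>
      </method>
    </method-permission>

    <!-- Equivalent of @PermitAll on hello(): no authorization check. -->
    <method-permission>
      <unchecked/>
      <method>
        <ejb-name>TestEJB</ejb-name>
        <method-name>hello</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

When a bean carries both annotations and descriptor entries, the deployment descriptor values override the annotations, so review ejb-jar.xml as well as the source when auditing who can call a method.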

