Using annotations to secure Java EE applications

You can provide security for your Java™ EE enterprise application directly in your source code using annotations.

About this task

Common security annotations: JSR 250 (Common Annotations for the Java platform) defines five security annotations in the javax.annotation.security package. A method-level annotation overrides the type-level annotation of its enclosing class, and PermitAll, DenyAll and RolesAllowed are mutually exclusive on any one class or method. Whatever the annotations declare can still be overridden by the deployment descriptor, and every role named must be mapped to real users or groups when the application is deployed:

Procedure

  1. javax.annotation.security.PermitAll:
    • Can be used at type or method level.
    • Indicates that the given method, or all business methods of the given EJB, can be invoked by any caller, authenticated or not.
  2. javax.annotation.security.DenyAll:
    • Can be used at method level (later revisions of the specification also allow it at type level).
    • Indicates that the given method of the EJB cannot be invoked by any caller, regardless of role. A method-level DenyAll overrides a type-level PermitAll or RolesAllowed.
  3. javax.annotation.security.RolesAllowed:
    • Can be used at type or method level.
    • Indicates that the given method, or all business methods of the EJB, can be invoked only by callers associated with at least one of the listed roles.
  4. javax.annotation.security.DeclareRoles:
    • Can be used at type level.
    • Declares the roles that the component tests for programmatically, so that they exist for EJBContext.isCallerInRole, HttpServletRequest.isUserInRole, and WebServiceContext.isUserInRole. Declaring a role grants no access by itself.
  5. javax.annotation.security.RunAs:
    • Can be used at type level.
    • Specifies the run-as role for the given component: calls the component makes to other components are performed with the run-as identity instead of the original caller's identity. It does not change who is allowed to call the component itself.

Example

Using security annotations

Invalid use of security annotations
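The following bean illustrates all five annotations together, the method-over-type precedence rule, and (commented out) a combination that JSR 250 forbids. It is an added example, not code from the original page or from any product: the class names, role names ("customer", "clerk", "admin") and package are assumed, and the roles would still have to be mapped to users or groups at deployment time.

```java
// --- file OrderBean.java (hypothetical) ---
package com.example.orders;           // assumed package

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"customer", "clerk", "admin"}) // roles referenced by isCallerInRole
@RolesAllowed("clerk")                         // type-level default for every business method
public class OrderBean {

    @Resource
    private SessionContext ctx;

    // No method-level annotation: inherits the type-level @RolesAllowed("clerk").
    public String lookupOrder(String orderId) {
        return "order " + orderId;
    }

    // Method-level annotation overrides the type-level default: anyone may call this.
    @PermitAll
    public String catalogVersion() {
        return "2024-01";
    }

    // Method-level list replaces (does not extend) the type-level list.
    @RolesAllowed({"clerk", "admin"})
    public void cancelOrder(String orderId) {
        // ...
    }

    // Nobody may invoke this through the container, not even a run-as "admin".
    // Note: the check is enforced only on calls that pass through the container
    // proxy; a direct this.purgeAllOrders() from inside this class is not checked.
    @DenyAll
    public void purgeAllOrders() {
        // ...
    }

    // Declarative check admits clerk or admin; the finer rule is programmatic,
    // which is why "admin" is listed in @DeclareRoles above.
    @RolesAllowed({"clerk", "admin"})
    public void applyDiscount(String orderId, int percent) {
        if (percent > 20 && !ctx.isCallerInRole("admin")) {
            throw new EJBAccessException("only admin may discount more than 20%");
        }
        // ...
    }

    // INVALID: PermitAll, DenyAll and RolesAllowed are mutually exclusive on one
    // method or class. JSR 250 does not allow this combination.
    // @PermitAll
    // @DenyAll
    // public void broken() { }
}

// --- file NightlyBatchBean.java (hypothetical) ---
// @RunAs changes the identity propagated to the beans this bean calls; it does
// not relax the @RolesAllowed("clerk") that guards entry to this bean.
// @Stateless
// @RunAs("admin")
// @RolesAllowed("clerk")
// public class NightlyBatchBean {
//     @javax.ejb.EJB
//     private OrderBean orders;
//
//     public void run() {
//         orders.cancelOrder("42");   // allowed: the run-as role "admin" is in the list
//         orders.purgeAllOrders();    // still denied: @DenyAll admits no role at all
//     }
// }
```

Two points worth checking in your own beans: a method-level annotation replaces the type-level one rather than merging with it, so listing "admin" at the class and "clerk" on a method leaves admins locked out of that method; and because enforcement happens at the container boundary, a public business method that calls another annotated method on `this` bypasses that method's annotation entirely.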


Feedback