[jboss-user] [Security & JAAS/JBoss] - Re: Latest JAAS Tutorial for Database communication
smeaggie
do-not-reply at jboss.com
Tue Feb 20 02:35:31 EST 2007
ah that's quiet another story, I described securing a web app, not ejb's. You must annotate the EJB's with the security domain and allowed roles, like this: (assuming you work with EJB3 that is)
@Stateless()
| @SecurityDomain("exampleDomain")
| public class MyBean implements MyBeanRemote {
| /**
| * allowed to everyone
| */
| @PermitAll()
| public String getSimpleString() {
| return "unsecure";
| }
|
| /**
| * Only 'admin' role allowed
| */
| @RolesAllowed({"Admin"})
| public String getAdvancedString() {
| return "secured";
| }
| }
I'm not experienced with remote clients, all my clients are local... Someone else has to fill in that part.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4019216#4019216
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4019216
More information about the jboss-user
mailing list