S E C U R I T Y
Securing Your Application
To enable security in your EJB and Web applications, you must declare the EJB method
permissions and web content constraints using the standard ejb jar.xml and web.xml
descriptors respectively. In addition, you must specify the security domain which JBoss will
use to perform the authentication and authorization checks. This is done using the security
domain element in the jboss.xml EJB descriptor and jboss web.xml Web application
descriptor. Listing 8 3 gives examples of an ejb jar.xml descriptor that makes use of the
standard declarative security elements while Listing 8 4 gives an example jboss.xml
descriptor that specifies the required security domain information. The security related
elements are highlighted in bold italic and numbered for discussion.
Listing 8 3, A sample ejb jar.xml descriptor illustrating the use of the security elements.
SecurityTests
A secured trival echo session bean
StatelessSession
org.jboss.test.security.interfaces.StatelessSessionHome
org.jboss.test.security.interfaces.StatelessSession
org.jboss.test.security.ejb.StatelessSessionBean
Stateless
Container
A secured trival echo session bean that calls
getCallerPrincpal in ejbCreate
SecureCreateSession
org.jboss.test.security.interfaces.StatelessSessionHome
org.jboss.test.security.interfaces.StatelessSession
org.jboss.test.security.ejb.StatelessSessionBean4
Stateless
Container
A secured trival echo session bean
org/jboss/test/security/ejb/StatelessSession_test
org.jboss.test.security.interfaces.StatelessSessionHome
org.jboss.test.security.interfaces.StatelessSession
org.jboss.test.security.ejb.StatelessSessionBean
Stateless
Container
#1
with use of isCallerInRole().
75
footer
Our partners:
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Java Hosting
Cheapest Hosting
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved