JDK 1.4 Annotated Security
AOP Security brings J2EE/EJB like security to plain Java classes. Read up on EJB security to get a feel of what we are talking about here. You can apply security either through XML or via annotations.
Annotated Security with JDK 1.4 requires our AnnotationCompiler. There are 5 annotations that make up annotated security. These annotations almost identically match EJB3 based annotations.
org.jboss.aspects.security.SecurityDomain
org.jboss.aspects.security.Permissions
org.jboss.aspects.security.Unchecked
org.jboss.aspects.security.Excluded
org.jboss.aspects.security.RunAs
/** * @@org.jboss.aspects.security.SecurityDomain ("other") * @@org.jboss.aspects.security.RunAs ({"allowed"}) */ public class AnnotatedSecuredPOJO { /** * @@org.jboss.aspects.security.Permissions ({"allowed"}) */ public int someField; /** * @@org.jboss.aspects.security.Exclude */ public String excludedField; /** * @@org.jboss.aspects.security.Unchecked */ public long uncheckedField; /** * @@org.jboss.aspects.security.Unchecked */ public AnnotatedSecuredPOJO() { } /** * @@org.jboss.aspects.security.Permissions ({"allowed"}) */ public AnnotatedSecuredPOJO(int field) { someField = field; } /** * @@org.jboss.aspects.security.Unchecked */ public void unchecked() {} /** * @@org.jboss.aspects.security.Permissions ({"allowed"}) */ public void someMethod() { } }
org.jboss.aspects.security.SecurityDomain
The @SecurityDomain annotation defines the JBoss security domain to use. See JBoss J2EE documentation on what this means. Basically it specifies the repository where usernames, passwords, and user/role associtations are stored. This annotation is only applicable at the Class level.
org.jboss.aspects.security.RunAs
The @RunAs annotation works in the same way as the EJB run-as tag. This annotation is only applicable at the Class level.
org.jboss.aspects.security.Permissions
The @Permissions annotation works in the much in the same way as the EJB method-permissions tag works in XML the difference being it can be applied to any method (static or member), any field (static or member), or any constructor.
org.jboss.aspects.security.Exclude
The @Exlude annotation works in the much in the same way as the EJB exclude-list tag works in XML the difference being it can be applied to any method (static or member), any field (static or member), or any constructor.
org.jboss.aspects.security.Unchecked
The @Unchecked annotation works in the much in the same way as the EJB unchecked tag works in XML the difference being it can be applied to any method (static or member), any field (static or member), or any constructor.
Comments