4 Replies Latest reply: Aug 11, 2012 12:11 AM by Stephen Coy RSS

    @RolesAllowed, @DenyAll usage in web tier?

    Patrick Garner Newbie

      I'm looking at a table in the JEE 6 specification section EE.6.25 that seems to indicate that web containers must support the following annotations: @PermitAll, @DenyAll, @RolesAllowed, @DeclareRoles and @RunAs

       

      EE.6.25 Common Annotations for the Java™ Platform 1.1 Requirements

       

      The Common Annotations specification defines Java language annotations that are

      used by several other specifications, including this specification. The specifications

      that use these annotations fully define the requirements for these annotations. The

      applet container need not support any of these annotations. All other containers

      must provide definitions for all of these annotations, and must support the semantics

      of these annotations as described in the corresponding specifications and

      summarized in the following table.

       

      Table EE.6-5 Common Annotations Support by Container

       

      Annotation
      App Client
      WebEJB
      ResourceYYY
      ResourcesYYY
      PostConstructYYY
      PreDestroyYYY
      GeneratedNNN
      RunAsNYY
      DeclareRolesNYY
      RolesAllowedNYY
      PermitAllNYY
      DenyAllNYY




       

      What kinds of objects can these @RolesAllowed and @DenyAll be used on in the web tier?  Can these annotations be used with managed beans?  If not, why not?