1. Re: Question about ejb security
jaikiran May 8, 2013 12:28 AM (in response to elapaz)
See if this helps: https://docs.jboss.org/author/display/AS72/Securing+EJBs
-
2. Re: Question about ejb security
elapaz May 8, 2013 8:37 AM (in response to jaikiran)
Thanks! But I have already read that article. Seems that using @RolesAllowed is the only way it works.
One more question: what's the difference between annotating an EJB with @PermitAll and having an EJB without security annotations?
-
3. Re: Question about ejb security
sfcoy May 8, 2013 9:04 AM (in response to elapaz)
Role based authorisation is central to the way JEE authorisation works.
It's often useful to have a role that is assigned to all authenticated users. Then you can just use @RolesAllowed("all") on your methods (assuming you named this role "all").
@PermitAll is equivalent to no security, or unchecked. You might use this on a method of a class that has specified @DenyAll or @RolesAllowed at the class level.
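
The annotation precedence discussed in the thread, as an added example that is not part of the original posts: a class-level @RolesAllowed sets the default, and method-level @PermitAll or @RolesAllowed overrides it. The bean, its method names and the "admin" role are hypothetical; "all" is assumed to be a role mapped to every authenticated user, and the deployment is assumed to have a security domain configured.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean used only to illustrate annotation precedence.
@Stateless
@RolesAllowed("admin") // class-level default for every business method
public class AccountServiceBean {

    @Resource
    private SessionContext ctx;

    // Method-level @PermitAll overrides the class-level @RolesAllowed:
    // the method is unchecked, so any caller may invoke it.
    @PermitAll
    public String ping() {
        return "ok";
    }

    // Method-level @RolesAllowed replaces the class-level role list.
    // "all" is an assumed role granted to every authenticated user.
    @RolesAllowed("all")
    public String whoAmI() {
        Principal caller = ctx.getCallerPrincipal();
        // Programmatic check for decisions finer than the annotation allows.
        String suffix = ctx.isCallerInRole("admin") ? " (admin)" : "";
        return caller.getName() + suffix;
    }

    // No method-level annotation: inherits the class-level
    // @RolesAllowed("admin"), so only callers in "admin" get through.
    public void closeAccount(String accountId) {
        if (accountId == null || accountId.isEmpty()) {
            throw new IllegalArgumentException("accountId is required");
        }
        // ... privileged work would go here ...
    }
}
```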