1 Reply Latest reply on Jul 11, 2008 8:50 AM by jaikiran pai

    Question on security

    kelly goedert Apprentice


      using EJB annotations I can restrict a certain role to have access to a method. I have a situation where a user has roles, and this roles have certain rights.
      Is there anyway I can do this with ejb 3?


        • 1. Re: Question on security
          jaikiran pai Master

          Using the @SecurityDomain and @RolesAllowed, you can restrict the method access. Here's an example:

          @Remote( { UserManagerRemote.class })
          @Local (UserManagerLocal.class)
          @RemoteBinding(jndiBinding = "RemoteUserManagerBean")
          @SecurityDomain (value="other")
          public class UserManagerBean implements UserManagerLocal, UserManagerRemote {
           @RolesAllowed (value="admin")
           public User getUser(long id) {
          System.out.println("Bean method successfully called");
           // do something
           return user;