0 Replies Latest reply on May 27, 2009 9:28 AM by jl2424

    @PermitAll, @DenyAll, @RolesAllowed(Role), @RunAs(Role) ??

      We are developing a small EJB application for a university lecture using EJB 3.0, JBoss and Servlet (or JSP alternatively). Can we use the @PermitAll, @DenyAll, @RolesAllowed(Role), @RunAs(Role) annotations to secure our servlets? Or do we have to do it the traditional way, writing some session property after a user has logged in and then evaluation the session for every servlet (if session.getProperty("loggedin")==true then show servlet else redirect to 404)?