New user to the world of Jboss and J2EE (EJB?s). I have learned that for EJBs, security can be added by configuring the ejb-jar.xml file and in it assigning roles to each bean and their methods. Then we can package up the xml and the ejb?s and deploy them to Jboss.
My question is what if I want to give an administrator user the ability to log in and do role management. That is I want to programmatically create new roles and assign them to existing beans. Do I have to have the program update my ejb-jar.xml file, repackage it with the jar files and redeploy to jboss again? It doesn?t seem very efficient to do it that way. Is there a better way to do this?
That is the only option if you want to use the declarative role assignment via XML files.
If you want to do programmatic role management, you can achieve this via custom container interceptors or a security proxy implementation. Search the security forum and read the documentation for more details.