aspose file tools*
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes @DeclareRoles Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "@DeclareRoles" Watch "@DeclareRoles" New topic
Author

@DeclareRoles

Duran Harris
Ranch Hand

Joined: Nov 09, 2008
Posts: 598

Hi I'm struggling to understand what the @DeclareRoles annotation does...

I understand the @RunAs and @RolesAllowed but this is confusing me...

The way I understand it is that by the time the bean is called the caller already has a 'Principal' with it's role/s defined.....

(Also sorry to the moderators but this is a double post...I posted this in the EJB forum about 5 days ago but got no response...So I wanted to try my luck here)


===>SCJP 1.5(72%)<===
==>SCWCD1.5(76%)<===
Alexey Saenko
Ranch Hand

Joined: Aug 18, 2008
Posts: 30

The @DeclareRoles annotation specifies all roles which are used in the given class (or method). Also it is possible to specify the roles list in DD. In case there is no specified roles neither in DD nor with @DeclareRoles annotations, the container builds the list automatically by inspecting the @RolesAllowed annotation.


SCJP 6, SCBCD 5, OCEWSD 6
My blog: http://darkleden.wordpress.com
Duran Harris
Ranch Hand

Joined: Nov 09, 2008
Posts: 598

Okay thanks
Mark Garland
Ranch Hand

Joined: Nov 11, 2006
Posts: 226
(I thought it might be better to revive an old thread on this than start my own as this person has a similar question.)

Alexey Saenko wrote:The @DeclareRoles annotation specifies all roles which are used in the given class (or method). Also it is possible to specify the roles list in DD. In case there is no specified roles neither in DD nor with @DeclareRoles annotations, the container builds the list automatically by inspecting the @RolesAllowed annotation.


If the container builds the list automatically, what's the point of the @DeclareRoles annotation. Seems like unnecessary duplication to me?


28/06/06 - SCJP - 69%, 05/06/07 - SCWCD - 92%, 28/02/08 - IBM DB2 v9 Fundamentals (Exam 730) - 87%, 18/11/08 - IBM DB2 v9 DBA (Exam 731) - 89%, 26/02/11 - SCBCD - 88%
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
The @DeclareRoles annotation declares the security roles that are used for programmatic security from within the code of the EJB. If a security role is not declared, it will be impossible to determine if the current user is in the security role in question using the isCallerInRole method in the SessionContext.
Note that if a role is not declared using the above annotation or the deployment descriptor, trying to determine whether the caller is in the role in question will result in an exception. If the role is declared, but the caller is not in the role, the isCallerInRole will return false.

The reason for not using an automatically generated list is:
1. Security. Roles used must be explicitly declared.
2. One role-name can be used in the code and it is later mapped to a principal used in the container.
Best wishes!


My free books and tutorials: http://www.slideshare.net/krizsan
Did Nolt
Greenhorn

Joined: Feb 28, 2012
Posts: 1
See http://www.javabeat.net/articles/13-introduction-to-java-60-new-features-parti-1.html

3.4.1) @DeclareRoles Annotations
Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

Ivan Krizsan wrote:
Note that if a role is not declared using the above annotation or the deployment descriptor, trying to determine whether the caller is in the role in question will result in an exception. If the role is declared, but the caller is not in the role, the isCallerInRole will return false.


This is very important. Try it and you will burn it into your mind .


SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: @DeclareRoles