File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes @DeclareRoles vs @RolesAllowed Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "@DeclareRoles vs @RolesAllowed" Watch "@DeclareRoles vs @RolesAllowed" New topic

@DeclareRoles vs @RolesAllowed

Siva Masilamani
Ranch Hand

Joined: Sep 19, 2008
Posts: 385

I am preparing for SCBCD5 exam and have some doubts about these annotations.

I have good knowledge about security in older version of EJBs. But finding it hard to understand in EJB3.

RolesAllowed annotation is used to declare logical roles instead of declaring them in the deployment descriptor?

What is the use of DeclareRoles annotation? is it also used to declare new logical role name ?e.g.

or used to refer the name used programmatically in ejb?


in the above code i have declared two roles "employee","manager" but the code itself uses only one role.So the container will create a new role called employee which is equivalent to <security-role><role-name>employee</role-name></security-role>?

i got the above question as i was going through the specification and it says :

The set of security roles used by the application is taken to be the aggregation of the security roles defined by the security role names used in the DeclareRoles and RolesAllowed annotations. The Bean Provider may augment the set of security roles defined for the application by annotations in this way by means of the security-role deployment descriptor element.



Failure is not an option.
I agree. Here's the link:
subject: @DeclareRoles vs @RolesAllowed
It's not a secret anymore!