aspose file tools
The moose likes EJB Certification (SCBCD/OCPJBCD) and the fly likes Question regarding EJB Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Software Craftsman this week in the Agile forum!
JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)
Bookmark "Question regarding EJB Security" Watch "Question regarding EJB Security" New topic
Author

Question regarding EJB Security

saqib rashids
Greenhorn

Joined: Mar 31, 2013
Posts: 6
I have a question regarding EJB Security: If @DenyAll notification is applied at class level and @RolesAllowed("xyz") is applied at a method methodA. Will a caller in role "xyz" be allowed to call methodA. In other words, will @RolesAllowed on method level override @DenyAll at bean class level.

Similarly for @PermitAll: If @PermitAll is applied at class level and @RolesAllowed is applied at method level. Will all clients be able to call that certain method or only those in role specified in @RolesAllowed.

Thanks in advance !!!
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1929
    
  39

Hi Saqib,

The answer is found in the ejb specs:
Specifying the RolesAllowed or PermitAll or DenyAll annotation on the bean class means that it applies to all applicable business methods of the class.
Method permissions may be specified on a method of the bean class to override the method permissions value specified on the bean class.

In other words: the method level permissions always override the class level permissions (and permissions specified in the deployment descriptor always override any values specified in annotations).

Regards,
Frits
 
Have you tried LearnNowOnline? http://www.learnnowonline.com/
 
subject: Question regarding EJB Security