SECURITY

Listing 8-5, A sample jboss-web.xml descriptor illustrating how to specify the security domain for a WAR.

    java:/jaas/spec-test
 
The highlighted items are:

9. A security-role-ref element declares the role name that the session bean will use in calls to the EnterpriseContext.isCallerInRole method. Here the declaration states that EchoCaller will be used, and this name used by the bean is mapped to the application logical name Echo.

10. The security-identity element declares that when the message-driven bean invokes methods on other beans it will do so with the role InternalRole. It is common to use this construct with MDBs when they need to use secured beans, as MDBs have no standard way to assign a caller identity.

11. The security-role elements declare the declarative roles used by the EJBs. This will be used to map from the EchoCaller string to the Echo string when the session bean calls isCallerInRole. A calling principal will match the bean's check if a role named Echo has been assigned. The InternalRole declaration is really only for documentation and portability to other application servers.

12. This is the method permissions section for the Echo role. Each method element declares a method of an EJB the Echo role is allowed to execute.

13. This is the method permission section for the InternalRole role. This is used to restrict access to the PrivateEntity entity bean to only other EJBs in this application that assume the InternalRole via a run-as declaration.

14. The unchecked element declares methods that any authenticated user may access. It states that no specific roles are required to execute the given methods, but callers must be authenticated users.

15. The exclude-list element declares methods that no principal is able to execute in the deployment. It is a mechanism to prevent access to methods regardless of the caller and their roles.

16. Moving to the jboss.xml descriptor, the security domain declaration in the Standard Stateless SessionBean configuration is declaring that by default stateless session beans in this deployment are secured. This is because the
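
The rules in items 9 to 15 can be checked mechanically. The following Python example is added here and is not part of the original guide or of JBoss; it evaluates them against a constructed ejb-jar.xml fragment. The bean names EchoBean and RunAsMDB, the method names, and the choice to deny methods that no element covers are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed ejb-jar.xml fragment. Role names come from the text; the bean
# names EchoBean and RunAsMDB and every method name are assumptions.
EJB_JAR = """<ejb-jar><enterprise-beans>
 <session><ejb-name>EchoBean</ejb-name><security-role-ref>
  <role-name>EchoCaller</role-name><role-link>Echo</role-link>
 </security-role-ref></session>
 <message-driven><ejb-name>RunAsMDB</ejb-name><security-identity>
  <run-as><role-name>InternalRole</role-name></run-as>
 </security-identity></message-driven>
</enterprise-beans><assembly-descriptor>
 <method-permission><role-name>Echo</role-name><method>
  <ejb-name>EchoBean</ejb-name><method-name>echo</method-name>
 </method></method-permission>
 <method-permission><role-name>InternalRole</role-name><method>
  <ejb-name>PrivateEntity</ejb-name><method-name>*</method-name>
 </method></method-permission>
 <method-permission><unchecked/><method><ejb-name>EchoBean</ejb-name>
  <method-name>ping</method-name></method></method-permission>
 <exclude-list><method><ejb-name>EchoBean</ejb-name>
  <method-name>reset</method-name></method></exclude-list>
</assembly-descriptor></ejb-jar>"""
BEANS, AD = ET.fromstring(EJB_JAR)

def _bean(name):
    return next(b for b in BEANS if b.findtext("ejb-name") == name)

def resolve_role(bean, code_name):
    """Items 9 and 11: name passed to isCallerInRole -> application role."""
    return next((r.findtext("role-link") for r in _bean(bean).findall("security-role-ref")
                 if r.findtext("role-name") == code_name), None)

def run_as(bean):
    """Item 10: role the bean assumes when it calls other beans."""
    return _bean(bean).findtext("security-identity/run-as/role-name")

def _covers(elem, bean, method):
    return any(m.findtext("ejb-name") == bean
               and m.findtext("method-name") in ("*", method)
               for m in elem.findall("method"))

def is_allowed(bean, method, roles):
    """Items 12-15 for an authenticated caller; uncovered methods are denied here."""
    if any(_covers(e, bean, method) for e in AD.findall("exclude-list")):
        return False  # exclude-list beats any role
    return any(mp.find("unchecked") is not None
               or {r.text for r in mp.findall("role-name")} & set(roles)
               for mp in AD.findall("method-permission")
               if _covers(mp, bean, method))
```

Running the same evaluation over a real descriptor before deployment shows which methods are reachable without a role check and which are covered by no element at all.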