security-role-ref

supergiu · Post by **supergiu** » Fri Oct 03, 2014 10:20 am

Hi,
sorry but I didn't understand the use of <security-role-ref> element in ebj-jar application component.
From spec 17.3.3 :

The security role references used in the components of the application are linked to the security roles
defined for the application

using <role-link> to link <security-role-ref> to <security-role>.

1. Is <security-role-ref> the same of @DeclareRoles declaration?

2. If yes, can I declare only <method-permission> or @RolesAllowed without either <security-role-ref>or @DeclareRoles?

Thanks!

Post by **admin** » Fri Oct 03, 2014 10:28 am

It is explained in detailed here: http://docs.oracle.com/cd/E19798-01/821 ... index.html

supergiu · Post by **supergiu** » Fri Oct 03, 2014 11:43 am

Thank you very much, now the issue is more clear.
Sorry but I've only one doubt.

There is a way to declare a role link using only annotation?

I've just tried to define a role link using @DeclareRoles at class level, and <security-role-ref> on ejb-jar.xml
but without <security-role> definition (with the same value of @DeclareRoles({...})) the ejb-jar.xml is not valid (for xsd).

Thanks again.

Post by **admin** » Fri Oct 03, 2014 7:52 pm

No, it cannot be used to declare the role links. If you want to use refs, you have to do that in the xml. See this: http://docs.oracle.com/cd/E19159-01/819 ... index.html
Although it is for EE5, it is applicable for EE 6 as well.

Enthuware

security-role-ref

security-role-ref

Re: security-role-ref

Re: security-role-ref

Re: security-role-ref

Who is online