About Question enthuware.oce-ejbd.v6.2.612 :
Posted: Fri May 01, 2015 10:54 am
Should we have <role-link> to map the "user" in annotation to "customer" role in the deployment descriptor?
Java Certification Resources and Java Discussion Forum
https://enthuware.com/forum/
Code: Select all
...
@Stateless
public class EnthuBean {
public void doStuff(){
System.out.println("Do stuff");
}
@RolesAllowed ("user")
public void doStuff(String str){
System.out.println("do stuff "+ str);
}
}
Code: Select all
@WebServlet(name="EJBClientServlet", urlPatterns="/test.do")
@ServletSecurity(
httpMethodConstraints =
{
@HttpMethodConstraint(value="GET", rolesAllowed={"user", "customer"})
})
public class EJBClientServlet extends HttpServlet{
private EnthuBean enthuBean;
@Override
protected void doGet(HttpServletRequest inRequest, HttpServletResponse inResponse ) throws ServletException, IOException{
enthuBean.doStuff("do my own stuff");
enthuBean.doStuff();
}
}
Code: Select all
<ejb-jar version="3.1" >
<enterprise-beans>
<session>
<ejb-name>EnthuBean</ejb-name>
</session>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>customer</role-name>
</security-role>
<method-permission>
<role-name>customer</role-name>
<method>
<ejb-name>EnthuBean</ejb-name>
<method-name>doStuff</method-name>
</method>
</method-permission>
</assembly-descriptor>
</ejb-jar>
Code: Select all
//This is sun-web.xml, deployer maps principals to roles
<sun-web-app error-url="">
<context-root>/doStuff</context-root>
<security-role-mapping>
<role-name>customer</role-name>
<principal-name>jim</principal-name>
</security-role-mapping>
<security-role-mapping>
<role-name>user</role-name>
<principal-name>nick</principal-name>
</security-role-mapping>
...
</sun-web-app>