You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by bdragan <dr...@yahoo.com> on 2016/10/17 20:10:26 UTC
Local EJB security
Hi,
I have RESTful web service
@Path("/education")
public class EducationRest {
@EJB
private EducationBean service;
@GET
@Path("/readAll")
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
public List<EducationDTO> read() throws NamingException {
return service.readAllEducations();
}
...
and web.xml security constraints
...
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrator permissions</web-resource-name>
<url-pattern>/education/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
...
Do I have to specify security constraints again in the ejb-jar.xml for every
local EJB or local beans can be unchecked(@PermitAll)?
@Stateless
public class EducationBean {
...
public List<EducationDTO> readAllEducations(){
...
}
}
...
<assembly-descriptor>
<method-permission>
<role-name>admin</role-name>
<method>
<ejb-name>EducationBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
</assembly-descriptor>
...
Thank you,
Dragan.
--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/Local-EJB-security-tp4680357.html
Sent from the TomEE Users mailing list archive at Nabble.com.