- As with transactions, EJB offers a declarative mechanism for addressing security
- Neither Enhydra nor JBoss supports the security aspects of EJB yet
- Example 19 shows what part of the deployment descriptor would look like using declarative security
- EJB security is role-based
- A role represents a certain type of user in the system
- Each role is given a name
- Methods can then be restricted so that they can only be accessed by certain roles
- For the Auction system there are really only two roles
- An ordinary user of the system
- A privileged administrator of the system
- Certain methods (e.g. remove) are only permitted to users who have the administrator role
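The following is an added example, not Example 19 from the original and not code from any EJB container. It embeds a constructed `assembly-descriptor` fragment for the two Auction roles and resolves it into an allow/deny decision per method. The bean name `Auction`, the method `placeBid`, the role names, and the deny-by-default treatment of unlisted methods are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor fragment; the bean name "Auction", the method
# "placeBid" and the role names are assumptions, not taken from the slides.
DESCRIPTOR = """
<assembly-descriptor>
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>administrator</role-name></security-role>
  <method-permission>
    <role-name>user</role-name>
    <role-name>administrator</role-name>
    <method><ejb-name>Auction</ejb-name><method-name>placeBid</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>administrator</role-name>
    <method><ejb-name>Auction</ejb-name><method-name>remove</method-name></method>
  </method-permission>
</assembly-descriptor>
"""

def load_permissions(xml_text):
    """Return (declared_roles, {(ejb, method): roles allowed to call it})."""
    root = ET.fromstring(xml_text)
    declared = {r.findtext("role-name").strip() for r in root.findall("security-role")}
    grants = {}
    for perm in root.findall("method-permission"):
        roles = {r.text.strip() for r in perm.findall("role-name")}
        undeclared = roles - declared
        if undeclared:
            # A permission naming a role with no <security-role> is a descriptor error.
            raise ValueError("undeclared roles: %s" % sorted(undeclared))
        for m in perm.findall("method"):
            key = (m.findtext("ejb-name").strip(), m.findtext("method-name").strip())
            grants.setdefault(key, set()).update(roles)
    return declared, grants

def is_permitted(grants, caller_roles, ejb, method):
    """Assumed model: deny by default; a method-name of "*" covers the whole bean."""
    allowed = grants.get((ejb, method), set()) | grants.get((ejb, "*"), set())
    return bool(allowed & set(caller_roles))

ROLES, GRANTS = load_permissions(DESCRIPTOR)
```

Running the same resolution over a real descriptor is a quick way to review which roles can reach destructive methods such as `remove` before deployment.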