Security definition (Method permission)

This section explains how to set method permissions. The method permission definition defines access control based on security roles. You can allow or deny access permissions for all users.

The method permissions can be set on the following methods:

Session Bean
- Home interface create method
- Component interface business and remove methods
Entity Bean
- Home interface create, finder, and home methods
- Component interface business and remove methods

Note that permissions are invalid for the following methods. The method permission defined by the component interface remove method is used to check the access permissions of these methods.

javax.ejb.EJBHome remove(javax.ejb.Handle handle) method
javax.ejb.EJBHome remove(Object primaryKey) method
javax.ejb.EJBLocalHome remove(Object primaryKey) method

Note

When the <Enable Scheduling> property is specified for a Stateless Session Bean of the CTM application, do not set security role-based access permissions on the home interface create method. The deployment will fail.

Organization of this section: (1) Attribute files to be edited; (2) Obtaining the attribute file to be edited and setting up attributes; (3) Attribute settings to be edited

(1) Attribute files to be edited

(2) Obtaining the attribute file to be edited and setting up attributes

Obtaining the attribute file

Execute the following command to obtain the Enterprise Bean attribute file.

Execute form

 
cjgetappprop [server name] [-nameserver provider URL] -name J2EE application name -type ejb -resname EJB-JAR display name/enterprise bean display name -c enterprise bean attribute file path

Example

cjgetappprop MyServer -name adder -type ejb -resname adder/adder-eb -c C:\home\adder_ejb.xml

Setting up attributes

Execute the following command to reflect the Enterprise Bean attribute file values.

Execute form

 
cjsetappprop [server name] [-nameserver provider URL] -name J2EE application name -type ejb -resname EJB-JAR display name/enterprise bean display name -c enterprise bean attribute file path

Example

cjsetappprop MyServer -name adder -type ejb -resname adder/adder-eb -c C:\home\adder_ejb.xml

(3) Attribute settings to be edited

The following table lists the security definition (method permission) settings (<method_permission>).

Item	Required	Tag name
Description	O	<description>
Role name	O^#	<role-name>
With method authentication	O^#	<unchecked>
Method description	O	<method> - <description>
Interface type	O	<method> - <intf>
Method name	O	<method> - <name>

Legend: O: Optional

Note: When the security definition (method permission) settings (<method-permission>) are set as annotations, they cannot be changed.

#: To enable security management, specify either a role name or method authentication as shown below:

To allow or deny access permissions based on security roles:
Specify a role name (<role-name>).
To grant access permissions to all users:
Specify whether method authentication is enabled (<unchecked>).

To deny access permissions for all users, add information regarding the method with no access permission to <method> under <exclude-list> instead of <method-permission>.

For details about property settings, see:

Subsection 3.4.1 Specification of the session bean attribute file in the uCosminexus Application Server Application and Resource Definition Reference Guide
Subsection 3.5.1 Specification of the entity bean attribute file in the uCosminexus Application Server Application and Resource Definition Reference Guide

9.4 Security definition (Method permission)

(1) Attribute files to be edited

(2) Obtaining the attribute file to be edited and setting up attributes

Obtaining the attribute file

Setting up attributes

(3) Attribute settings to be edited