9.4.1 Enterprise Bean method permissions
This section explains how to set method permissions. The method permission definition defines access control based on security roles. You can allow or deny access permissions for all users.
The method permissions can be set on the following methods:
-
Session Bean
-
Home interface create method
-
Component interface business and remove methods
-
-
Entity Bean
-
Home interface create, finder, and home methods
-
Component interface business and remove methods
-
Note that permissions are invalid for the following methods. The method permission defined by the component interface remove method is used to check the access permissions of these methods.
-
javax.ejb.EJBHome remove(javax.ejb.Handle handle) method
-
javax.ejb.EJBHome remove(Object primaryKey) method
-
javax.ejb.EJBLocalHome remove(Object primaryKey) method
- Important note
-
When the <Enable Scheduling> property is specified for a Stateless Session Bean of the CTM application, do not set security role-based access permissions on the home interface create method. The deployment will fail.
- Organization of this subsection
(1) Attribute files to be edited
Edit the following attributes files for each type of Enterprise Beans.
-
Session Bean attribute file
-
Entity Bean attribute file
(2) Obtaining the attribute file to be edited and setting up attributes
-
Obtaining the attribute file
Execute the following command to obtain the Enterprise Bean attribute file.
- Execute form
cjgetappprop [server name] [-nameserver provider URL] -name J2EE application name -type ejb -resname EJB-JAR display name/enterprise bean display name -c enterprise bean attribute file path
- Example
cjgetappprop MyServer -name adder -type ejb -resname adder/adder-eb -c C:\home\adder_ejb.xml
-
Setting up attributes
Execute the following command to reflect the Enterprise Bean attribute file values.
- Execute form
cjsetappprop [server name] [-nameserver provider URL] -name J2EE application name -type ejb -resname EJB-JAR display name/enterprise bean display name -c enterprise bean attribute file path
- Example
cjsetappprop MyServer -name adder -type ejb -resname adder/adder-eb -c C:\home\adder_ejb.xml
(3) Attribute settings to be edited
The following table lists the security definition (method permission) settings (<method_permission>).
|
Item |
Required |
Tag name |
|---|---|---|
|
Description |
O |
<description> |
|
Role name |
O# |
<role-name> |
|
With method authentication |
O# |
<unchecked> |
|
Method description |
O |
<method> - <description> |
|
Interface type |
O |
<method> - <intf> |
|
Method name |
O |
<method> - <name> |
Legend: O: Optional
Note: When the security definition (method permission) settings (<method-permission>) are set as annotations, they cannot be changed.
#: To enable security management, specify either a role name or method authentication as shown below:
-
To allow or deny access permissions based on security roles:
Specify a role name (<role-name>).
-
To grant access permissions to all users:
Specify whether method authentication is enabled (<unchecked>).
To deny access permissions for all users, add information regarding the method with no access permission to <method> under <exclude-list> instead of <method-permission>.
For details about property settings, see:
-
Subsection 3.4.1 Specifications of the HITACHI Session Bean Property file in the uCosminexus Application Server Application and Resource Definition Reference Guide
-
Subsection 3.5.1 Specifications of the HITACHI Entity Bean Property file in the uCosminexus Application Server Application and Resource Definition Reference Guide