| <!DOCTYPE html |
| PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html lang="en-us" xml:lang="en-us"> |
| <head> |
| <link rel="stylesheet" type="text/css" href="../../org.eclipse.wst.doc.user/common.css" /> |
| <title>Defining security roles for EJB modules</title> |
| </head> |
| <body id="teaddsecurityrole"><a name="teaddsecurityrole"><!-- --></a> |
| |
| <h1 class="topictitle1">Defining security roles for EJB modules</h1> |
| <div><p>You need to add security roles in order to build method permissions.</p><div class="skipspace"><p>The security roles that you add are defined in the EJB deployment |
| descriptor. Names of security roles do not need to match exactly the names |
| of user groups or principals defined on the server. At deployment time, the |
| administrator assigns the roles that you define to existing user groups and |
| principals with existing security policies and services.</p> |
| <p>For further |
| granularity of security within a bean, you can define security role references. |
| Then you can add programmatic security checks that cannot be defined using |
| method permissions, using for example: <samp class="codeph">isCallerInRole(String roleRefName)</samp>.</p> |
| <p>To |
| add a security role to an EJB module:</p> |
| </div> |
| <ol><li><span>In the Project Explorer view of the J2EE perspective, right-click |
| the Deployment Descriptor for your EJB project and select <span class="menucascade"><span class="uicontrol">Open |
| With</span> > <span class="uicontrol">Deployment Descriptor Editor</span></span> to |
| open the deployment descriptor editor.</span></li> |
| <li><span>On the <span class="uicontrol">Assembly</span> page of the editor, scroll |
| to the Security Roles section.</span></li> |
| <li><span>Click <span class="uicontrol">Add</span>. The Add Security Role wizard |
| appears.</span></li> |
| <li><span>Type a name for the security role in the <span class="uicontrol">Name</span> field.</span></li> |
| <li><span>Type a description for the security role in the <span class="uicontrol">Description</span> field.</span></li> |
| <li><span>Click <span class="uicontrol">Finish</span>.</span></li> |
| </ol> |
| <div class="skipspace">The security role is added to the deployment descriptor and you can |
| now use that role when assigning method permissions. You can also create a |
| security role reference using this security role.</div> |
| <div class="skipspace">To delete a security role, select the role and click <span class="uicontrol">Remove</span>.</div> |
| </div> |
| |
| <div><p><b class="relconceptshd">Related concepts</b><br /> |
| <a href="../topics/ceejbed.html" title="The EJB deployment descriptor editor is used to modify EJB JAR files and associated Java files.">EJB Deployment Descriptor editor</a><br /> |
| </p> |
| <p><b class="reltaskshd">Related tasks</b><br /> |
| <a href="../topics/teaddmethperm.html" title="You can use the Method Permission wizard to add permissions to enterprise beans on the method level.">Defining method permissions for EJB modules</a><br /> |
| <a href="../topics/teaddsecurityidbean.html" title="Assigning a security identity to a bean is useful when another bean calls that bean. The security identity can be set to use the identity of the caller or the identity of a specific security role.">Adding a security identity (bean level)</a><br /> |
| <a href="../topics/teaddroletokey.html" title="You can add a relationship role to a key class.">Adding relationship roles to keys</a><br /> |
| </p> |
| </div> <br /> |
| (C) Copyright IBM Corporation 2000, 2005. All Rights Reserved. |
| </body> |
| </html> |