the use of @DeclareRoles
Usually the code piece is like this:
@DeclareRoles("r1","r2")
@Stateless
public class myBean(){
@PermitAll
public void method1(){...}
}
I just wonder:Does this mean that there are only these 2 roles(r1,r2) in the whole application? or it means within the whole application only these 2 roles can access this bean?
If this question is answered,here comes the following one:
According to "@PermitAll",which roles are permitted to access method1()? all roles of the whole application? or only r1 & r2?
Thanks anyway.
[586 byte] By [
java_jchca] at [2007-11-27 10:19:39]
> I just wonder:Does this mean that there are only
> these 2 roles(r1,r2) in the whole application? or it
> means within the whole application only these 2 roles
> can access this bean?
@DeclareRoles is used by the application to declare roles. It means two roles r1 and r2 have been declared.
http://java.sun.com/javaee/5/docs/api/javax/annotation/security/DeclareRoles.html
> If this question is answered,here comes the following
> one:
Oh my...
> According to "@PermitAll",which roles are permitted
> to access method1()? all roles of the whole
> application? or only r1 & r2?
It means all roles are permitted to access that method.
http://java.sun.com/javaee/5/docs/api/javax/annotation/security/PermitAll.html
well,if I use @DeclareRoles to declare 2 roles:r1,r2, for myBean,later I use this annotation again to declare 2 more roles:r3,r4 for myBran1.Now can myBean1 use @AllowedRoles to allow r1 or r2 to access methods within it?. I mean,I want to know whether this kind of declaration is Global.
