Appendix G. Security: Secured School Example

Description

To be secure, multiuser applications must respect the differences between user types. For instance, a system administrator might be given access to alter records that are hidden from typical users. Coding security logic inside our applications, however, mixes concerns and makes the code less maintainable. EJB therefore provides, as a service, a role-based security model that is both declarative (via metadata) and programmatic (via an API).

In this example we model a school with strict policies about who can open the doors when. Here we showcase the use of @RolesAllowed, @DeclareRoles, @RunAs and @PermitAll.
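A minimal sketch of how the four annotations and the programmatic API fit together, added here as an illustration and not taken from the book's example code. The bean names, method names and role names are hypothetical, and the `javax` packages assume Java EE 6 (EJB 3.1).

```java
// SchoolBean.java (hypothetical bean; role names are constructed for this sketch)
import javax.annotation.Resource;
import javax.annotation.security.*;
import javax.ejb.*;

@Singleton
@DeclareRoles({"Administrator", "Janitor", "Student"}) // roles referenced in this bean
@RolesAllowed("Administrator") // class-level default for methods without their own rule
public class SchoolBean {
    @Resource private SessionContext ctx;
    private boolean open;

    @RolesAllowed({"Administrator", "Janitor"}) // declarative: only staff change door state
    public void setOpen(boolean open) { this.open = open; }

    @PermitAll // any caller may ask whether the school is open
    public boolean isOpen() { return open; }

    @PermitAll // reachable by all; the decision depends on state, so it is made in code
    public void enterFrontDoor() {
        // Programmatic check: when closed, only an Administrator gets in.
        if (!open && !ctx.isCallerInRole("Administrator")) {
            throw new EJBAccessException("School is closed to "
                + ctx.getCallerPrincipal().getName());
        }
    }
}

// FireDepartmentBean.java (hypothetical bean)
import javax.annotation.security.*;
import javax.ejb.*;

// @RunAs changes the identity used for this bean's outgoing calls, not the check
// on its own callers. It is a privilege elevation: expose only the narrow action needed.
@Stateless
@RunAs("Administrator")
@PermitAll
public class FireDepartmentBean {
    @EJB private SchoolBean school;

    public void declareEmergency() { school.setOpen(false); } // passes as Administrator
}
```

A caller with no role at all can invoke `declareEmergency()` and the nested `setOpen(false)` succeeds, while the same caller invoking `setOpen` directly is rejected by the container with an `EJBAccessException`.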
