Selecting the EJB Methods for Each J2EE Security Role

Use

In this step, you will select the methods that are to apply to each of the roles.

Prerequisites

The quick car rental application’s EJB project, J2EE_QuickCarRentalEJB, is displayed in the J2EE Explorer.

Procedure

Selecting the EJB Methods for the CarRentalEmployee Role

First, you will select the methods that apply to the CarRentalEmployee role.

...

       1.      Open or return to the ejb-jar.xml file.

       2.      Choose the Assembly tab page.

       3.      Select the method-permission element and choose Add.

The Choose methods dialog appears, which shows the QuickBookingBean and the QuickOrderProcessorBean.

       4.      Expand the nodes for both of these beans until all of the methods are displayed.

       5.      Select the methods as shown in the table below:

Methods to Select for the CarRentalEmployee role

Bean

Method Type

Methods to Select

QuickBookingBean

Business methods

getReservationDate()

getDateFrom()

getPickupLocation()

getBookingId()

getVehicleTypeId()

getStatus()

getDateTo()

getDropoffLocation()

 

Home methods

None

 

Create methods

Create()

 

Finder methods

findByPrimaryKey()

findByStatus()

QuickOrderProcessorBean

Business methods

viewActiveBookings()

Create methods

create()

For an example of the business methods to select for the QuickBookingBean, see the figure below.

       6.      Choose OK to continue.

       7.      Rename this method by selecting the method-permission sub-node and entering a description in the Description text box, for example, CarRentalEmployee methods.

       8.      Deactivate the Unchecked indicator.

The Choose role-names dialog appears.

       9.      Select the CarRentalEmployee role and choose OK.

The role is added to the list of roles for this set of method permissions. See the figure below.

Selecting the EJB Methods for the BookingAgent Role

Repeat for the BookingAgent role:

...

       1.      Select the method-permission element and choose Add.

       2.      In the Choose methods dialog, select both of the beans and choose OK.

This specifies that all of the methods for both beans apply to this set of method permissions.

       3.      Rename this set of method permissions by entering a description in the Description text box, for example, BookingAgent methods.

       4.      Deactivate the Unchecked indicator.

The Choose role-names dialog appears.

       5.      Select the BookingAgent role and choose OK.

The role is added to the list of roles for this set of method permissions.

       6.      Save the file.

Result

The <method-permission> elements are added to the deployment descriptor for the EJB. See the example below.

Note that some of the methods have been omitted in the example.

      <method-permission>
         <description>
CarRentalEmployee methods</description>
         <role-name>CarRentalEmployee</role-name>
         <method>
            <ejb-name>
QuickBookingBean</ejb-name>
            <method-name>
getReservationDate</method-name>
            <method-params/>
         </method>
         <method>
            <ejb-name>
QuickBookingBean</ejb-name>
            <method-name>
getDateFrom</method-name>
            <method-params/>
         </method>

          ...

         <method>
            <ejb-name>
QuickBookingBean</ejb-name>
            <method-name>
getDropoffLocation</method-name>
            <method-params/>
         </method>

      </method-permission>
      <method-permission>
         <description>
BookingAgent methods</description>
         <role-name>BookingAgent</role-name>
         <method>
            <ejb-name>
QuickBookingBean</ejb-name>
            <method-name>
*</method-name>
         </method>
         <method>
            <ejb-name>
QuickOrderProcessorBean</ejb-name>
            <method-name>
*</method-name>
         </method>
      </method-permission>

Next Step:

Catching the Access Control Error