You can use the Method Permission wizard to add permissions to
enterprise beans on the method level.
For EJB 1.1 projects, you must define a security role before you can
add a method permission to an enterprise bean. For EJB 2.x projects, method
permissions can specify a security role to use for the method permission,
or you can specify that the selected methods from the selected beans do not
require authorization to execute.
To add a method permission to an enterprise bean:
- In the Project Explorer view of the J2EE perspective, right-click
the Deployment Descriptor for your EJB project and select to
open the deployment descriptor editor.
- On the Assembly page of the editor, click Add in
the Method Permissions section. The Add Method Permission wizard appears.
- For EJB 2.x projects, complete one of the following options,
then click Next:
- Select the Security roles radio button, and
select the existing security roles that will be used to check authorization
before the method is invoked.
- Select the Unchecked radio button. This method
allows you to specify that certain methods do not require authorization before
they can be invoked.
- For EJB 1.x projects, select the existing security roles that will
be used to check authorization before the method is invoked, then click Next.
- Select one or more enterprise beans from the list of beans found.
- Click Next.
- Select the methods that you want to define permissions for.
Tip: All the methods associated with the selected enterprise
bean are listed. You can use the Apply to All and Deselect
All buttons to quickly select or clear multiple methods. It will
only check the '*' method per bean. Creating a method permission for the exact
method signature will override the default ('*') method permission setting.
The '*' method represents all the methods within the bean. Also there are
'*' per interface as well. By not checking all the individual methods in the
tree, you can set other permissions on the remaining methods.
- Click Finish.
After the method permission has been created, you will see newly created
method permission in the tree. If you expand the tree, the bean and methods
that are defined in the method permission are displayed.
After you define method permissions, you can use the deployment descriptor
editor to work with them.
- To edit a method permission, select it from the Method Permissions list
and click Edit.
- To delete a method permission, select it from the list and click Remove.
- To take multiple method permissions that use the same security role and
combine them into a single method permission, click Combine.