Operation-level security - role-based authorization


During construction of an EAR file, roles can be defined and applied to methods. At deployment of the EAR file, individual users or groups can be assigned to those roles. You can use this feature of EAR files to add role-based security to your Web service.

For example, suppose you have a Web service that controls access to important information, and you want to give read-only access to some users and write access to others. When you build the EAR file you define two roles, READ and WRITE, then you apply the READ role to the getData method and the WRITE role to the writeData method. When you deploy the EAR file in WAS, you assign 'All Authenticated Users' to the READ role and individual users to the WRITE role. When a user tries to access WebService.getData, their user name and password are checked by the operating system or by LTPA.
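The READ/WRITE example above, written out as descriptors (an added illustration, not part of the original page). It assumes the service is exposed from a stateless session bean called DataServiceBean packaged in an EJB module, that the deployer chooses the XML binding file rather than the administrative console, and that the binding syntax is the WAS 7 and later ibm-application-bnd.xml format; the user name writer1 is a placeholder.

```xml
<!-- File 1: META-INF/ejb-jar.xml inside the EJB module (assembler's part).
     Roles are declared here and tied to individual operations, so
     authorization is enforced per method, not per service. -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.1">
  <assembly-descriptor>
    <security-role><role-name>READ</role-name></security-role>
    <security-role><role-name>WRITE</role-name></security-role>

    <!-- Only READ may call getData. -->
    <method-permission>
      <role-name>READ</role-name>
      <method>
        <ejb-name>DataServiceBean</ejb-name>
        <method-name>getData</method-name>
      </method>
    </method-permission>

    <!-- Only WRITE may call writeData; READ callers are rejected here. -->
    <method-permission>
      <role-name>WRITE</role-name>
      <method>
        <ejb-name>DataServiceBean</ejb-name>
        <method-name>writeData</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

<!-- File 2: META-INF/ibm-application-bnd.xml inside the EAR (deployer's part,
     WAS 7+ XML binding format assumed). This is where abstract role names
     are mapped to real subjects from the user registry. -->
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <!-- 'All Authenticated Users' from the example: any logged-in user reads. -->
  <security-role name="READ">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <!-- Write access is granted only to explicitly named users. -->
  <security-role name="WRITE">
    <user name="writer1"/>   <!-- placeholder user name -->
  </security-role>
</application-bnd>
```

A method that appears in no method-permission element has no role granted to it, so review the descriptor whenever a new operation is added to the bean.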


Enabling operation-level authorization