Security Annotations


Annotations are a powerful programming resulting from the JSR-175 recommendation. An annotation is a standard way to include supported security behaviors while allowing, the source code and configuration files to be generated automatically.

In Java EE 5, The security roles and policies can be defined using annotations as well as within the deployment descriptor. During the installation of the application, the security policies and roles defined using annotations are merged with the security policies and roles defined within the deployment descriptor. This merge is performed by the Annotations Metadata Manager (AMM) facility. When the metadata is merged, the following inheritance rules are followed.


Table 1. Metadata merger inheritance rules

Scenario Rules
Security metadata in deployment descriptor only No merge is needed, the security metadata from the deployment descriptor is propagated.
Security metadata in annotations only No merge is needed, the security metadata defined with annotations is propagated.
Security metadata in deployment descriptor and annotations The metadata from the deployment descriptor and annotations is merged. The metadata in annotations is overridden by the same type of data from the deployment descriptor.

Five security annotations are currently supported. For each annotation, a MergeAction implementation is defined.





 

Related concepts


JACC policy propagation
Authorization providers