Add access control methods to the bean

If your new bean is to be protected under access control, add the getOwner method. Another method that is optional for access control purposes is the fulfills method. For details about required and optional methods, refer to Implementing access control in enterprise beans.

Prerequisite You have created a new ejbPostCreate method.

To add access control methods to the new bean:

  1. In the J2EE Hierarchy view, double-click the yourNewBeanBean class to open it and view its source code.

  2. Into the source code, add a getOwner method that includes logic to return the owner of this resource. For example, to return the owner of the UserRes bean, you would return the member ID of the user:
    public java.lang.Long getOwner()
       throws java.lang.Exception {
          return getMemberId();
       }
    

  3. For the purpose of this example, you would add a fulfills method that specifies what relationship the user must satisfy before they are allowed to act upon this resource. In this case, you would specify that only the creator of this UserRes object is allowed to take action. In other words, each user is only allowed to take action upon their own UserRes object. This relationship requirement is shown in the following code snippet:
    public boolean fulfills(Long member, String relationship)
       throws java.lang.Exception 
    {
        if ("creator".equalsIgnoreCase(relationship))
        {
           return member.equals(getMemberId());
        }
        return false;
    }
    

  4. Save your work.

  5. Proceed to mapping the database table to the new enterprise bean.


Previous topic:

Create a new ejbPostCreate method
Next topic:

Mapping the database table to the new enterprise bean

Related tasks

Create new entity beans