Define method permissions for EJB modules

You can use the Method Permission wizard to add permissions to enterprise beans on the method level.

For EJB 1.1 projects, define a security role before you can add a method permission to an enterprise bean. For EJB 2.x projects, method permissions can specify a security role to use for the method permission, or you can specify that the selected methods from the selected beans do not require authorization to execute.

To add a method permission to an enterprise bean:

1. In the Project Explorer view of the J2EE perspective, right-click the Deployment Descriptor for your EJB project and select Open With > Deployment Descriptor Editor to open the deployment descriptor editor.

2. On the Assembly page of the editor, click Add in the Method Permissions section. The Add Method Permission wizard appears.

3. For EJB 2.x projects, complete one of the following options, then click Next:
   • Select the Security roles radio button, and select the existing security roles that will be used to check authorization before the method is invoked.

   • Select the Unchecked radio button. This method allows you to specify that certain methods do not require authorization before they can be invoked.

4. For EJB 1.x projects, select the existing security roles that will be used to check authorization before the method is invoked, then click Next.

5. Select one or more enterprise beans from the list of beans found.

6. Click Next.

7. Select the methods that you want to define permissions for.
   Tip: All the methods associated with the selected enterprise bean are listed. You can use the Apply to All and Deselect All buttons to quickly select or clear multiple methods. It will only check the '*' method per bean. Creating a method permission for the exact method signature will override the default ('*') method permission setting. The '*' method represents all the methods within the bean. Also there are '*' per interface as well. By not checking all the individual methods in the tree, you can set other permissions on the remaining methods.

8. Click Finish.

After the method permission has been created, you will see newly created method permission in the tree. If you expand the tree, the bean and methods that are defined in the method permission are displayed.

After you define method permissions, you can use the deployment descriptor editor to work with them.

• To edit a method permission, select it from the Method Permissions list and click Edit.

• To delete a method permission, select it from the list and click Remove.

• To take multiple method permissions that use the same security role and combine them into a single method permission, click Combine.

 

Related concepts

EJB Deployment Descriptor editor

 

Related tasks

Defining security roles for EJB modules