Define security roles for EJB modules
You need to add security roles in order to build method permissions.
The security roles that you add are defined in the EJB deployment descriptor. Names of security roles do not need to match exactly the names of user groups or principals defined on the server. At deployment time, the administrator assigns the roles that you define to existing user groups and principals with existing security policies and services.
For further granularity of security within a bean, you can define security role references. Then you can add programmatic security checks that cannot be defined using method permissions, using for example: isCallerInRole(String roleRefName).
To add a security role to an EJB module:
- In the Project Explorer view of the J2EE perspective, right-click the Deployment Descriptor for your EJB project and select Open With > Deployment Descriptor Editor to open the deployment descriptor editor.
- On the Assembly page of the editor, scroll to the Security Roles section.
- Click Add. The Add Security Role wizard appears.
- Type a name for the security role in the Name field.
- Type a description for the security role in the Description field.
- Click Finish.
The security role is added to the deployment descriptor and you can now use that role when assigning method permissions. You can also create a security role reference using this security role.
To delete a security role, select the role and click Remove.
Related concepts
EJB Deployment Descriptor editor
Related tasks
Defining method permissions for EJB modules
Adding a security identity (bean level)
Adding relationship roles to keys
Adding security role references