Define security roles for enterprise applications

You can use the Application Deployment Descriptor editor to define security roles for your enterprise applications.

A security role is a logical grouping of principals. Access to operations (such as EJB methods) is controlled by granting access to a role. You can grant access to users individually or in groups.

For each security role that you define in the deployment descriptor editor, a <security-role> element is added to the application.xml file.

To add security roles using the Application Deployment Descriptor editor:

  1. In the Project Explorer view of the J2EE perspective, right-click the Deployment Descriptor for your enterprise application project and select Open With > Deployment Descriptor Editor to open the Application Deployment Descriptor editor.

  2. On the Security page of the editor, click Add. The Add Security Role wizard appears.

  3. Type a name and description for the new role.

  4. Click Finish.

To remove a security role, select the role and click Remove.
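The following is an added example, not part of the original documentation or the product's own tooling: a check that reads the `<security-role>` elements the editor writes to application.xml and compares them with the roles declared in a module descriptor, reporting roles that are missing, unused, or that differ only by letter case. The descriptor contents, the role names, and the function names `local`, `declared_roles` and `audit` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, trimmed sample descriptors (not from any real project).
APPLICATION_XML = """<application xmlns="http://java.sun.com/xml/ns/j2ee" version="1.4">
  <module><ejb>SampleEJB.jar</ejb></module>
  <security-role>
    <description>Back-office staff</description>
    <role-name>Manager</role-name>
  </security-role>
  <security-role><role-name>Auditor</role-name></security-role>
</application>"""
EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1">
  <assembly-descriptor>
    <security-role><role-name>manager</role-name></security-role>
    <security-role><role-name>Teller</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def local(tag):
    """Drop the namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def declared_roles(xml_text):
    """Role names declared in <security-role> elements (not <security-role-ref>)."""
    names = set()
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) == "security-role":
            for child in elem:
                if local(child.tag) == "role-name" and child.text:
                    names.add(child.text.strip())
    return names

def audit(application_xml, module_xmls):
    """Compare application.xml roles with the roles its modules declare."""
    app = declared_roles(application_xml)
    mods = set().union(*(declared_roles(m) for m in module_xmls))
    by_folded = defaultdict(set)
    for name in app | mods:
        by_folded[name.lower()].add(name)
    return {
        "missing_from_application": sorted(mods - app),
        "not_declared_by_modules": sorted(app - mods),
        "case_variants": sorted(sorted(v) for v in by_folded.values() if len(v) > 1),
    }

if __name__ == "__main__":
    for finding, roles in audit(APPLICATION_XML, [EJB_JAR_XML]).items():
        print(finding, roles)
```

Roles reported under `case_variants` are candidates for the replace operation described below, since a binding made to one spelling does not cover the other.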

Gathering security roles
For an enterprise application, you can roll up all the security roles that are defined in the application's modules. You can then combine and remove redundant or unnecessary security roles.

Replacing security roles
You can use the Application Deployment Descriptor editor to replace redundant or unnecessary security roles with preferred roles.

Adding users to security role bindings

Adding groups to security role bindings

Adding security role "run as" bindings

Related concepts

Application Deployment Descriptor editor
