Security for Enterprise Beans

The J2EE Engine EJB Container provides a set of security mechanisms for authorization and management of the enterprise beans deployed on the J2EE Engine. This includes defining security roles, access to methods, security role references, and specific security options.

The process of specifying security for enterprise beans consists of the following procedures:

• Defining security roles
• Mapping security roles
• Specifying permissions for method invocations
  • Setting method permissions
  • Denying access to methods
• Declaring security role references
• Specifying security identity
• Specifying security when using IIOP

The security deployment properties are stored in the ejb-jar.xml and in ejb-j2ee-engine.xml deployment descriptors, and are used by the EJB Container at deployment to assign the proper security settings.