Show TOC

Securing Composed ServicesLocate this document in the navigation structure

Use

Authentication Concept

After you deploy your composed service it has an enabled endpoint. If your composed service should be secured, then no endpoints should be enabled upon deployment. For more information, see Applying Authentication Policy in Composed Services .

Authorization Concept

The authorization concept of the composed service is based on the EJB specification. This allows you to set the security policies for your composed service in the deployment descriptor - you can define security roles, method permissions and so on. Furthermore, the deployment descriptor is not lost upon regeneration of the composed service.

Note that you should not use annotations to manage authorizations, because upon generation of the composite, all manually added code is removed.

For more information, see Enabling Endpoints for Security .