Configuring Security Roles Using Annotations in Web Applications

Use

There are two annotations for configuring security settings:

  • @DeclareRoles

    This annotation declares the security roles defined by the application.

  • @RunAs

    This annotation maps the application's security role to an existing security role.

Procedure

Using the @DeclareRoles Annotation

Use this annotation at class level, passing the role name as an attribute.

Sample Code
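import java.io.IOException;
import java.io.PrintWriter;
import javax.annotation.security.DeclareRoles;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@DeclareRoles("Customer")
public class CustomerServlet extends HttpServlet {
    //…
    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        PrintWriter out = resp.getWriter();
        //…
        out.println("@DeclareRoles Test : ");
        // true only if the authenticated caller is mapped to the Customer role
        out.println("isUserInRole Customer = " + req.isUserInRole("Customer"));
        //…
    }
}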

               

The @DeclareRoles("Customer") statement is equivalent to defining the following security role in the web.xml deployment descriptor.

<web-app>
    …
    <security-role>
        <role-name>Customer</role-name>
    </security-role>
    …
</web-app>

            

Using the @RunAs Annotation

Use this annotation at class level, passing the role name as an attribute.

Sample Code
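import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RunAs("Customer")
public class RunAs_servlet extends HttpServlet {
    // @EJB injection applies to fields, not to local variables
    @EJB
    private ShopingCart customerCart;
    //…
    public void doGet(HttpServletRequest req, HttpServletResponse resp) {
        //....
        // the EJB is called with the Customer run-as role
        customerCart.getTotal();
    }
}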


               

The @RunAs("Customer") statement is equivalent to defining the following run-as role for the servlet in the web.xml deployment descriptor.

Sample Code
<web-app>
    …
    <servlet>
        <servlet-name>RunAs_servlet</servlet-name>
        <run-as>
            <role-name>Customer</role-name>
        </run-as>
    </servlet>
    …
</web-app>
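
The two annotations used together, as an added example that is not part of the original documentation: @RunAs sets the role used for the servlet's calls to EJBs, while isUserInRole still tests the original caller, so the servlet checks the caller before it uses the run-as identity. CartTotalBean, GuardedCartServlet and the sample total are hypothetical, the EJB 3.1 no-interface view is assumed, and the two classes belong in separate source files.

```java
// --- CartTotalBean.java (hypothetical EJB, assumes the EJB 3.1 no-interface view) ---
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@RolesAllowed("Customer") // only callers in the Customer role may invoke the bean
public class CartTotalBean {
    public double getTotal() {
        return 42.50; // constructed sample value
    }
}

// --- GuardedCartServlet.java (hypothetical servlet) ---
import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@DeclareRoles("Customer") // role name tested with isUserInRole below
@RunAs("Customer")        // role propagated on calls this servlet makes to EJBs
public class GuardedCartServlet extends HttpServlet {

    @EJB
    private CartTotalBean cart;

    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // isUserInRole evaluates the original caller, not the run-as role.
        // Without this check, any caller who can reach the servlet would
        // read the total through the servlet's Customer run-as identity.
        if (!req.isUserInRole("Customer")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // The bean's @RolesAllowed check is satisfied by the run-as role.
        resp.setContentType("text/plain");
        resp.getWriter().println("Total = " + cart.getTotal());
    }
}
```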