Note that there are other roles, quite a few of them, but these are the only ones I'm using on my EJB.
application.xml:
[code]
<?xml version="1.0" encoding="UTF-8"?>
<application version="5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd">
    <display-name>intranet</display-name>
    <module>
        <ejb>intranet-ejb.jar</ejb>
    </module>
    <module>
        <web>
            <web-uri>intranet-war.war</web-uri>
            <context-root>/</context-root>
        </web>
    </module>
    <module>
        <web>
            <web-uri>intranet-ws.war</web-uri>
            <context-root>/ws</context-root>
        </web>
    </module>
    <!--
      - Security Roles
      -->
    <security-role>
        <description>All authenticated users.</description>
        <role-name>authenticated</role-name>
    </security-role>
    <security-role>
        <description>Users with admin access to the assets application.</description>
        <role-name>application_assets_admin</role-name>
    </security-role>
    <security-role>
        <description>Users with read access to the assets application.</description>
        <role-name>application_assets_read</role-name>
    </security-role>
    <security-role>
        <description>Users with write access to the assets application.</description>
        <role-name>application_assets_write</role-name>
    </security-role>
    <security-role>
        <description>Users with write access to the reporting application.</description>
        <role-name>application_reporting_admin</role-name>
    </security-role>
    <security-role>
        <description>Users with read access to the reporting application.</description>
        <role-name>application_reporting_read</role-name>
    </security-role>
</application>
[/code]
sun-application.xml:
[code]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd">
<sun-application>
    <security-role-mapping>
        <role-name>authenticated</role-name>
        <group-name>Development</group-name>
        <group-name>Infrastructure</group-name>
        <group-name>Network</group-name>
        <group-name>Operations</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>application_assets_admin</role-name>
        <group-name>Operations_Engineering_Developer</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>application_assets_read</role-name>
        <group-name>Development</group-name>
        <group-name>Infrastructure</group-name>
        <group-name>Network</group-name>
        <group-name>Operations</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>application_assets_write</role-name>
        <group-name>Development</group-name>
        <group-name>Infrastructure</group-name>
        <group-name>Network</group-name>
        <group-name>Operations</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>application_reporting_admin</role-name>
        <group-name>Operations_Engineering_Developer</group-name>
    </security-role-mapping>
    <security-role-mapping>
        <role-name>application_reporting_read</role-name>
        <group-name>Development</group-name>
        <group-name>Infrastructure</group-name>
        <group-name>Network</group-name>
        <group-name>Operations</group-name>
    </security-role-mapping>
    <realm>ldap</realm>
</sun-application>
[/code]
AssetManagerEJB.java (Just the meat):
[code]
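import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;

@Stateless
@DeclareRoles({
    "application_asset_admin",
    "application_asset_read",
    "application_asset_write"
})
public class AssetManagerEJB implements IAssetManagerEJB {
    // Container-injected entity manager used by the query below
    @PersistenceContext
    private EntityManager em;

    @RolesAllowed({
        "application_asset_admin",
        "application_asset_read",
        "application_asset_write"
    })
    public List<Asset> getAssetList(String assetClassName) {
        // Create the query to list the assets
        Query query = em.createQuery("SELECT a FROM Asset AS a WHERE a.assetClass.name = :name ORDER BY a.name");
        query.setParameter("name", assetClassName);
        // Return the list
        return query.getResultList();
    }
}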
[/code]
[Message sent by forum member 'jeffreyrodriguez' (jeffreyrodriguez)]
http://forums.java.net/jive/thread.jspa?messageID=217890
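
Added example, not part of the original post: a Python check that cross-references the role names used in `@DeclareRoles`/`@RolesAllowed` against the `<security-role>` entries in application.xml and the `<security-role-mapping>` entries in sun-application.xml, since role names are compared as exact strings. The embedded inputs are trimmed copies of the files above; the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Sample input: trimmed copies of the three files in the post above.
APPLICATION_XML = """<application xmlns="http://java.sun.com/xml/ns/javaee" version="5">
  <security-role><role-name>application_assets_admin</role-name></security-role>
  <security-role><role-name>application_assets_read</role-name></security-role>
  <security-role><role-name>application_assets_write</role-name></security-role>
</application>"""
SUN_APPLICATION_XML = """<sun-application>
  <security-role-mapping><role-name>application_assets_admin</role-name>
    <group-name>Operations_Engineering_Developer</group-name></security-role-mapping>
  <security-role-mapping><role-name>application_assets_read</role-name>
    <group-name>Development</group-name></security-role-mapping>
  <security-role-mapping><role-name>application_assets_write</role-name>
    <group-name>Development</group-name></security-role-mapping>
</sun-application>"""
JAVA_SOURCE = """@DeclareRoles({"application_asset_admin", "application_asset_read", "application_asset_write"})
public class AssetManagerEJB implements IAssetManagerEJB {
    @RolesAllowed({"application_asset_admin", "application_asset_read", "application_asset_write"})
    public List<Asset> getAssetList(String assetClassName) { return null; }
}"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # element name without its {namespace} prefix

def roles_under(xml_text, parent, need=()):
    """role-name values inside each <parent> that also has any child tag in `need`."""
    found = set()
    for el in ET.fromstring(xml_text).iter():
        kids = {_local(c.tag): (c.text or "").strip() for c in el}
        if _local(el.tag) == parent and kids.get("role-name"):
            if not need or any(n in kids for n in need):
                found.add(kids["role-name"])
    return found

def annotation_roles(java_src):
    """String literals inside @DeclareRoles(...) and @RolesAllowed(...)."""
    bodies = re.findall(r"@(?:DeclareRoles|RolesAllowed)\s*\(([^)]*)\)", java_src)
    return {name for body in bodies for name in re.findall(r'"([^"]+)"', body)}

def check_roles(app_xml, sun_xml, java_src):
    declared = roles_under(app_xml, "security-role")
    mapped = roles_under(sun_xml, "security-role-mapping", ("group-name", "principal-name"))
    return {"undeclared": sorted(annotation_roles(java_src) - declared),  # used, not in application.xml
            "unmapped": sorted(declared - mapped)}  # declared, but no group or principal mapped

if __name__ == "__main__":
    print(check_roles(APPLICATION_XML, SUN_APPLICATION_XML, JAVA_SOURCE))
```

On the trimmed inputs it reports the three `application_asset_*` names from the annotations as undeclared, because application.xml and sun-application.xml use `application_assets_*`.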