Enterprise JavaBeans

EJB 1.0 components use the package, component, and method role-based access control model used by all other component types. “Configuring EAServer roles” describes how to configure roles and associate them with packages, components, and methods.

EJB 2.0 and 1.1 component security uses method-level constraints rather than the package and component role constraints used for other component models. The Roles folder does not display for EJB 2.0 or 1.1 components, or for packages that contain only EJB 2.0 or 1.1 components. If EJB 2.0 or 1.1 components are installed in a package that contains other component types, the package role folder has no effect on the EJB 2.0 or 1.1 components.

To restrict access beyond the configured permissions, you can call the isCallerInRole Java method to check the user’s role membership. If you do, you must configure role references that map the names used in isCallerInRole calls to the J2EE role names configured in the package properties.

Configuring logical role mappings

Role settings in EJB 2.0 and 1.1 method permissions use logical J2EE role names, which must be mapped to EAServer role names in the properties of the package where the component is installed. The logical names are used when exporting the component to an EJB-JAR file. Configure role mappings as follows:

  1. If necessary, define new EAServer roles to be used in the method level constraints. See “Configuring EAServer roles” for details.

  2. Display the package properties.

  3. Display the Role Mapping tab and configure the mappings as follows:

Configuring EJB 2.0 or 1.1 method permissions

  1. If necessary, define new EAServer roles to be used by callers of the component and map them to J2EE roles in the package properties. You must map a J2EE role name for each role to be used in method permissions.

  2. For each method that requires limited access, display the Method Properties dialog and highlight the Permissions tab. A check box displays for each mapped J2EE role in the package that contains the component. Select the check box by each role that can call the method.

    Several predefined roles are available. For example, select the predefined “everybody” role if all users are to have access, or select “nobody” if all users are to be denied access. “Predefined roles” describes the other predefined EAServer roles.

    If the logical J2EE role is not mapped to an EAServer role, then at runtime the server defaults to performing role checks against the logical J2EE role name. The server assumes that an EAServer role exists with the same name as the logical J2EE role.

Configuring EJB 2.0 or 1.1 role references

  1. If necessary, define new EAServer roles to be used by callers of the component and map them to J2EE roles in the package properties. You must map a J2EE role name for each role to be used in role references.

  2. For each component that calls the isCallerInRole method, display the Component Properties dialog and highlight the Role Refs tab. Add or modify roles as follows:

    • To add a role, click Add and edit the new entry as described below.

    • To modify a role, edit the Reference Name (used in isCallerInRole calls), and choose the mapped J2EE role (configured in the properties of the package where the component is installed).
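
The programmatic check described above, as an added example that is not part of the EAServer documentation: a session bean whose method permission admits several roles, with isCallerInRole narrowing access for large amounts. The bean, exception, threshold, and the role reference name "approver" are assumptions; "approver" must exist as a Reference Name on the Role Refs tab and point at a mapped J2EE role.

```java
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical stateless session bean (EJB 2.0 / 1.1 style). The class, method,
// threshold and role reference name are assumptions made for this example.
public class TransferBean implements SessionBean {

    // Checked application exception: reports the refusal to the caller without
    // the container discarding the bean instance, as a system exception would.
    public static class TransferRejectedException extends Exception {
        public TransferRejectedException(String msg) { super(msg); }
    }

    // Must match a Reference Name on the component's Role Refs tab, which in
    // turn points at a J2EE role mapped in the package properties.
    private static final String APPROVER_REF = "approver";
    private static final long APPROVAL_LIMIT_CENTS = 1000000L;

    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
    public void ejbRemove() {}

    // The method permission decides who may call transfer() at all; the
    // isCallerInRole check narrows that further for large amounts.
    public String transfer(String from, String to, long amountCents)
            throws TransferRejectedException {
        if (amountCents <= 0) {
            throw new TransferRejectedException("amount must be positive");
        }
        String caller = ctx.getCallerPrincipal().getName();
        if (amountCents > APPROVAL_LIMIT_CENTS && !ctx.isCallerInRole(APPROVER_REF)) {
            // Deny by default and name the refused caller in the message.
            throw new TransferRejectedException(
                "caller " + caller + " lacks role reference " + APPROVER_REF);
        }
        return "accepted " + amountCents + " cents from " + from + " to " + to
                + " for " + caller;
    }
}
```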