Method permissions interact with one another as a union!

Method permissions do not relate to one another in the same way that transaction attributes do. With transaction attributes, using a wildcard says, “Every method in this bean will have this attribute unless I say otherwise, by naming a specific method in a different container-transaction tag.” In other words, naming a specific method overrides the wildcard setting.

But with method permissions, using the wildcard says, “All methods in this bean can be accessed by this role.” Nothing else you do in any other method permission will change that.

Transaction attributes

<container-transaction>
   <method>
      <ejb-name>BigBean</ejb-name>
      <method-name> * </method-name>
   </method>
   <trans-attribute>RequiresNew</trans-attribute>
</container-transaction>

<container-transaction>
   <method>
      <ejb-name>BigBean</ejb-name>
      <method-name>useOldDatabase</method-name>
   </method>
   <trans-attribute>NotSupported</trans-attribute>
</container-transaction>

This says that all methods in BigBean will use the RequiresNew attribute, EXCEPT the useOldDatabase method, which will use the NotSupported attribute.

The second <container-transaction> overrides the wildcard one, and takes the useOldDatabase method out of the RequiresNew list and moves it to the NotSupported list.

Method permissions

<method-permission>
   <role-name>Minion</role-name>

      <method>
        <ejb-name>WorldDomination</ejb-name>
        <method-name>*</method-name>
      </method>
</method-permission>


<method-permission>
   <role-name>Boss</role-name> ...

Get Head First EJB now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Head First EJB by Kathy Sierra, Bert Bates

Method permissions interact with one another as a union!

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly