Defining the method permissions
The <method-permission> element
Everything in a bean’s home and component interface is potentially callable by clients. Now that the App Assembler has defined the roles, she can define which methods each role is allowed to call. As she did with the security role definitions, she’ll put the method permissions in the <assembly-descriptor>
section of the deployment descriptor.
Get Head First EJB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.