Defining the method permissions

image with no caption

Three different ways to specify methods

You just saw two ways to specify a bean’s method name: the wildcard (*) which means ALL methods in the bean, and the actual name of the method. But the name alone isn’t always enough. We talked about this before—in the transactions chapter we faced the same problem when we had to specify transaction attributes. What happens if the method is overloaded?

Chances are, your design will treat all versions of an overloaded method in the same way. But there’s an optional <method-params> element just in case you want, say, a particular security role to have permission for only one version of an overloaded method, but not the others.

  1. By wildcard (*) for ALL methods

    <method>
    <ejb-name>WorldDomination</ejb-name>
    <method-name>*</method-name>
</method>

    Note

    an asterisk (*) is the wildcard that means ALL methods in the bean’s interfaces

  2. By name alone, for all methods with this name, regardless of arguments or whether they’re in the home or component interface

    <method>
    <ejb-name>WorldDomination</ejb-name>
    <method-name>takeOver</method-name>
</method>

    Note

    this means that ALL overloaded methods named ‘takeOver’ will be accessible to the role.

  3. By name and arguments, to distinguish between overloaded methods

    <method>
    <ejb-name>WorldDomination</ejb-name>
    <method-name>takeOver</method-name>
    <method-params>
        <method-param>String</method-param> ...

Get Head First EJB now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial