Defining the method permissions
Three different ways to specify methods
You just saw two ways to specify a bean’s method name: the wildcard (*) which means ALL methods in the bean, and the actual name of the method. But the name alone isn’t always enough. We talked about this before—in the transactions chapter we faced the same problem when we had to specify transaction attributes. What happens if the method is overloaded?
Chances are, your design will treat all versions of an overloaded method in the same way. But there’s an optional <method-params> element just in case you want, say, a particular security role to have permission for only one version of an overloaded method, but not the others.
By wildcard (*) for ALL methods
    <method>
        <ejb-name>WorldDomination</ejb-name>
        <method-name>*</method-name>
    </method>

Note: an asterisk (*) is the wildcard that means ALL methods in the bean’s interfaces.
By name alone, for all methods with this name, regardless of arguments or whether they’re in the home or component interface
    <method>
        <ejb-name>WorldDomination</ejb-name>
        <method-name>takeOver</method-name>
    </method>

Note: this means that ALL overloaded methods named ‘takeOver’ will be accessible to the role.
By name and arguments, to distinguish between overloaded methods
    <method>
        <ejb-name>WorldDomination</ejb-name>
        <method-name>takeOver</method-name>
        <method-params>
            <method-param>String</method-param>
            ...
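An added example, not from the book: a short Python audit that reads a deployment-descriptor fragment and labels each grant by which of the three styles it uses, so wildcard and name-only grants stand out in a least-privilege review. The role names (Overlord, Henchman, Minion) and the function names are assumptions; parameter types are written fully qualified, as the descriptor's method-param element expects.

```python
import xml.etree.ElementTree as ET

# Constructed fragment. Bean and method names are the page's; the role names
# are assumed, and the <security-role> declarations are left out for brevity.
DESCRIPTOR = """
<assembly-descriptor>
  <method-permission>
    <role-name>Overlord</role-name>
    <method><ejb-name>WorldDomination</ejb-name><method-name>*</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>Henchman</role-name>
    <method><ejb-name>WorldDomination</ejb-name><method-name>takeOver</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>Minion</role-name>
    <method><ejb-name>WorldDomination</ejb-name><method-name>takeOver</method-name>
      <method-params><method-param>java.lang.String</method-param></method-params></method>
  </method-permission>
</assembly-descriptor>
"""

def grants(xml_text):
    """Return (role, bean, method, params, scope) for every <method> grant."""
    out = []
    for perm in ET.fromstring(xml_text).iter("method-permission"):
        roles = [r.text.strip() for r in perm.findall("role-name")]
        for m in perm.findall("method"):
            bean = m.findtext("ejb-name").strip()
            name = m.findtext("method-name").strip()
            params_el = m.find("method-params")
            if name == "*":
                scope, params = "all-methods", None      # style 1: wildcard
            elif params_el is None:
                scope, params = "all-overloads", None    # style 2: name alone
            else:
                # Style 3: name and arguments select exactly one signature.
                params = tuple(p.text.strip() for p in params_el.findall("method-param"))
                scope = "one-overload"
            out.extend((role, bean, name, params, scope) for role in roles)
    return out

def broad_grants(xml_text):
    """Grants wider than a single method signature, for least-privilege review."""
    return [g for g in grants(xml_text) if g[4] != "one-overload"]

if __name__ == "__main__":
    for g in grants(DESCRIPTOR):
        print(g)
```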