8.1. Programmatic security

J2EE security can be applied declaratively or programmatically. This chapter will focus on the latter option. Programmatic security can be used by security-aware applications when declarative security alone is not sufficient to express the security model of the application.

As an example, the ITSOBank application supplied with this book is configured so that only managers and employees (clerks and accountants) can transfer funds, but anyone can check their balance. This is possible because the method permissions for the getCustomerBalance method on the Consultation EJB allow the necessary role (in this case, Consultant) access. The request simply passes the account key as a parameter.
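An added example (not code from the book or the ITSOBank application) of what a programmatic check can express that a method permission cannot: once the role check has admitted the caller, the code compares the caller's identity with the owner of the requested account key. `CallerContext` is a stand-in for the `getCallerPrincipal` and `isCallerInRole` methods of `javax.ejb.EJBContext` so the class runs without a container; the role names `Manager` and `Clerk`, the ownership rule and the sample accounts are assumptions.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;

public class BalanceCheckDemo {
    // Stand-in (assumption) for the two javax.ejb.EJBContext methods used here.
    interface CallerContext {
        Principal getCallerPrincipal();
        boolean isCallerInRole(String role);
    }

    // Constructed sample data: account key -> owner, account key -> balance.
    static final Map<String, String> OWNER = Map.of("ACC-1", "alice", "ACC-2", "bob");
    static final Map<String, Long> BALANCE = Map.of("ACC-1", 1200L, "ACC-2", 75L);

    static long getCustomerBalance(CallerContext ctx, String accountKey) {
        String owner = OWNER.get(accountKey);
        if (owner == null) throw new IllegalArgumentException("unknown account");
        // Staff may read any account (role names are assumed for this example).
        boolean staff = ctx.isCallerInRole("Manager") || ctx.isCallerInRole("Clerk");
        // Any other caller may read only an account registered to their own principal.
        if (!staff && !owner.equals(ctx.getCallerPrincipal().getName())) {
            throw new SecurityException("caller does not own " + accountKey);
        }
        return BALANCE.get(accountKey);
    }

    // Builds a constructed caller with a fixed name and role set.
    static CallerContext caller(String name, String... roles) {
        return new CallerContext() {
            public Principal getCallerPrincipal() { return () -> name; }
            public boolean isCallerInRole(String r) { return Arrays.asList(roles).contains(r); }
        };
    }

    public static void main(String[] args) {
        // Owner reading own account, then a clerk reading a customer's account.
        System.out.println(getCustomerBalance(caller("alice", "Consultant"), "ACC-1"));
        System.out.println(getCustomerBalance(caller("carol", "Consultant", "Clerk"), "ACC-2"));
        try {
            // Same role as the first call, but the account key belongs to someone else.
            getCustomerBalance(caller("alice", "Consultant"), "ACC-2");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```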
