Well, we have a lot of things happening here! Let's begin with our UserActivity class.
We used the @RolesAllowed annotation to define the role that can access each method of the class:
@RolesAllowed({Roles.ROLE1}) public void role1Allowed(){ System.out.println("role1Allowed executed"); }
You can add more than one role inside the annotation (it's an array).
We also had two others interesting annotations, @PermitAll and @DenyAll:
- The @PermitAll annotation allows anyone to access the method, even without any authentication.
- The @DenyAll annotation denies everyone access to the method, even authenticated users with the highest privileges.
Then we have what we called executors:
@Named@RunAs(Roles.ROLE1)public class Role1Executor ...