
Why use @PermitAll?

 
Mark Garland
Hi,

Reading p209 of EJB3 In Action, it discusses the @PermitAll annotation, but as all methods are permitted to all by default, I cannot see what this annotation would give me.

The only way I can see myself using this is if I defined a class level setting that restricted the roles, then overrode those with this annotation on a single method. However, this practice is discouraged on p209.

Am starting to think I might be missing something, otherwise why would we be given something which has a discouraged use.

Thanks in advance,

MG
 
Raf Szczypiorski
The reason is as you pointed out in your post: to selectively allow everyone to invoke a method even though in general the whole bean is constrained. The book only says it should be used sparingly, not discouraged.
 
Ralph Jaus
In addition to the reason stated above, PermitAll can be used as a hint for the deployer that the method should be unchecked. See core spec 17.3.2.3:
It is possible that some methods are not assigned to any security roles nor annotated as DenyAll or contained in the exclude-list element. In this case, the Deployer should assign method permissions for all of the unspecified methods, either by assigning them to security roles, or by marking them as unchecked.

Or, in practical terms: If each business method of a bean except one is assigned to security roles then for the posterity it's difficult to decide whether the one should really be unchecked or security assignments were just forgotten. PermitAll can be used as information to avoid such doubts.
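
The two uses discussed above, as an added example that is not part of the original posts or of the book: a reflection check that lists the public methods of a bean carrying no security annotation at all, so an explicit @PermitAll can be told apart from a forgotten assignment. The bean classes and the `unspecifiedMethods` helper are constructed for illustration; the code assumes the JSR-250 `javax.annotation.security` annotations are on the classpath and does not look at method permissions declared in the deployment descriptor.

```java
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;

public class PermissionAudit {

    // Constructed sample: class-level restriction with one deliberate opening.
    @RolesAllowed("ADMIN")
    static class AccountBean {
        public void closeAccount(long id) { }                  // inherits ADMIN from the class
        @PermitAll
        public String getTermsOfService() { return "terms"; }  // overrides the class-level role
    }

    // Constructed sample: no class-level default, one method left unannotated.
    static class ReportBean {
        @RolesAllowed("AUDITOR")
        public void exportLedger() { }
        @PermitAll
        public String ping() { return "ok"; }   // explicitly marked as unchecked
        public void purgeHistory() { }          // intent unknown: forgotten or meant to be open?
    }

    static boolean hasSecurityAnnotation(AnnotatedElement e) {
        return e.isAnnotationPresent(RolesAllowed.class)
            || e.isAnnotationPresent(PermitAll.class)
            || e.isAnnotationPresent(DenyAll.class);
    }

    // Names of public methods with neither a method-level nor a class-level security annotation.
    static List<String> unspecifiedMethods(Class<?> bean) {
        List<String> result = new ArrayList<>();
        boolean classDefault = hasSecurityAnnotation(bean);
        for (Method m : bean.getDeclaredMethods()) {
            if (!Modifier.isPublic(m.getModifiers()) || m.isSynthetic()) continue;
            if (!classDefault && !hasSecurityAnnotation(m)) result.add(m.getName());
        }
        return result;
    }

    public static void main(String[] args) {
        System.out.println("AccountBean: " + unspecifiedMethods(AccountBean.class));
        System.out.println("ReportBean:  " + unspecifiedMethods(ReportBean.class));
    }
}
```

Run against the sample beans, only `purgeHistory` is reported: `ping` is just as open at runtime, but its @PermitAll records that this was a decision.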
 
Mark Garland
Hi,

Thank you both for your kind answers.

Raf - you're right. My mistake. I was confusing it with the previous paragraph.
Ralph - Thanks for that. I often forget about the poor deployer!

Thanks once again,

MG
 