Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

@DeclareRoles

 
Duran Harris
Ranch Hand
Posts: 608
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi I'm struggling to understand what the @DeclareRoles annotation does...

I understand the @RunAs and @RolesAllowed but this is confusing me...

The way I understand it is that by the time the bean is called the caller already has a 'Principal' with it's role/s defined.....

(Also sorry to the moderators but this is a double post...I posted this in the EJB forum about 5 days ago but got no response...So I wanted to try my luck here)
 
Alexey Saenko
Ranch Hand
Posts: 30
Chrome Eclipse IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The @DeclareRoles annotation specifies all roles which are used in the given class (or method). Also it is possible to specify the roles list in DD. In case there is no specified roles neither in DD nor with @DeclareRoles annotations, the container builds the list automatically by inspecting the @RolesAllowed annotation.
 
Duran Harris
Ranch Hand
Posts: 608
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Okay thanks
 
Mark Garland
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
(I thought it might be better to revive an old thread on this than start my own as this person has a similar question.)

Alexey Saenko wrote:The @DeclareRoles annotation specifies all roles which are used in the given class (or method). Also it is possible to specify the roles list in DD. In case there is no specified roles neither in DD nor with @DeclareRoles annotations, the container builds the list automatically by inspecting the @RolesAllowed annotation.


If the container builds the list automatically, what's the point of the @DeclareRoles annotation. Seems like unnecessary duplication to me?
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
The @DeclareRoles annotation declares the security roles that are used for programmatic security from within the code of the EJB. If a security role is not declared, it will be impossible to determine if the current user is in the security role in question using the isCallerInRole method in the SessionContext.
Note that if a role is not declared using the above annotation or the deployment descriptor, trying to determine whether the caller is in the role in question will result in an exception. If the role is declared, but the caller is not in the role, the isCallerInRole will return false.

The reason for not using an automatically generated list is:
1. Security. Roles used must be explicitly declared.
2. One role-name can be used in the code and it is later mapped to a principal used in the container.
Best wishes!
 
Did Nolt
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
See http://www.javabeat.net/articles/13-introduction-to-java-60-new-features-parti-1.html

3.4.1) @DeclareRoles Annotations
 
Lucas Smith
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ivan Krizsan wrote:
Note that if a role is not declared using the above annotation or the deployment descriptor, trying to determine whether the caller is in the role in question will result in an exception. If the role is declared, but the caller is not in the role, the isCallerInRole will return false.


This is very important. Try it and you will burn it into your mind .
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic