I need clarification here, please. I'm currently learning EJB, and i've read about limitting the access right of methods to the users in certain "roles." I know how the metadata to limit the access rights works. But, what i dont know if how to put the users in the respective roles. Are the users' roles set in the database, and the ejb goes into the database and check to role(if so, how)? I mean, where or how to i progamatically impose that certain users belong to , for example, the customer role or the administrator role? If you know any books, you can also provide the title if you want.
There are several ways to declare roles in an EJB application (database, property files, LDAP ...).
Also since EJB 3.0, you can use annotations in your session beans :
It's called declarative authorization. As opposed to programmatic authorization (methods getCallerPrincipal() and isCallerInRole() from the javax.ejb.SessionContext object).