1 25 26 package org.objectweb.easybeans.examples.security; 27 28 import javax.annotation.Resource; 29 import javax.annotation.security.DeclareRoles; 30 import javax.annotation.security.DenyAll; 31 import javax.annotation.security.PermitAll; 32 import javax.annotation.security.RolesAllowed; 33 import javax.ejb.EJB ; 34 import javax.ejb.Remote ; 35 import javax.ejb.SessionContext ; 36 import javax.ejb.Stateless ; 37 38 43 @Stateless (mappedName="securityBean") 44 @Remote (StatelessRemote.class) 45 @DeclareRoles({"user", "admin"}) 46 public class StatelessBean implements StatelessRemote { 47 48 51 @Resource 52 private SessionContext sessionContext; 53 54 57 @EJB 58 private StatelessRunAsRemote other; 59 60 63 @RolesAllowed({"user", "admin"}) 64 public void someRolesAllowed() { 65 System.out.println("someRolesAllowed() called"); 66 printCurrentCaller(); 67 } 68 69 72 @PermitAll 73 public void allRolesAllowed() { 74 System.out.println("someRolesAllowed() called"); 75 printCurrentCaller(); 76 System.out.print("for run-as bean, caller is "); 77 other.printCurrentCaller(); 78 } 79 80 83 @RolesAllowed("admin") 84 public void onlyAdminAllowed() { 85 System.out.println("onlyAdminAllowed() called"); 86 printCurrentCaller(); 87 } 88 89 92 @DenyAll 93 public void deniedForAll() { 94 throw new RuntimeException ("Method denied, should not be called"); 96 } 97 98 99 102 public void printCurrentCaller() { 103 System.out.println("-> Caller is '" + sessionContext.getCallerPrincipal() + "'."); 104 } 105 106 109 public void callRunAsBean() { 110 other.callBeanWithRunAsAdmin(); 111 } 112 } 113 | Popular Tags |