...
This essay developed out of conversations I've had with several other programmers about why Java smelled suspicious. It's not a critique of Java!
Sycorax - complete tutorials
Programming Tutorials
" Java provides the industry - software companies and customer alike , an opportunity to create a true open computing environment where software is portable,
and customers benefit from increase competition. "
Java and the Future
December 1, 2008-LEJB 3.1: EJB New and Improved!
The EJB 3.0 specification was a huge improvement from what you were used to in the early versions of EJB. Available as an early draft, EJB 3.1 has many more features and is even easier to use.
December 1, 2008-Should Java Assert that Network I/O Can't Occur on the UI Thread?
Doing network I/O on the user interface (UI) thread is bad. Most developers know that and can tell you why; unfortunately, it's still done.
Register now to recieve special alert and latest technology news!
EJB3.0 Security
Authorization - Once a user is authenticated by a vendor-specific mechanism, he must be checked to see if he is allowed to invoke a particular EJB method. Authorization is performed in Java EE and EJB by associating one or more roles with a given user and then assigning method permissions based on that role. While an example of a user might be "Scott" or "Gavin," roles are used to identify a group of usersfor instance, "administrator," "manager," or "employee." In EJB, you assign access control on a per-method basis.
import javax.ejb.*;
import javax.annotation.Resource;
import javax.annotation.security.*;
@Stateless
@RolesAllowed("AUTHORIZED_TRAVEL_AGENT")
public class ProcessPaymentBean implements ProcessPaymentRemote,
ProcessPaymentLocal
{
...
@PermitAll
public boolean byCash(Customer customer, double amount)
throws PaymentException
{
...
}
@RolesAllowed("CHECK_FRAUD_ENABLED")
public boolean byCheck(Customer customer, CheckDO check, double amount)
throws PaymentException
{
...
}
public boolean byCredit(Customer customer, CreditCardDO card,
double amount) throws PaymentException
{
...
}
private boolean process(int customerID, double amount, String type,
String checkBarCode, int checkNumber, String creditNumber,
java.sql.Date creditExpDate) throws PaymentException
{
...
}
}
You can also specify this security metadata with XML :
<ejb-jar version="3.0">
<assembly-descriptor>
<security-role>
<description>This role represents an authorized merchant</description>
<role-name>AUTHORIZED_MERCHANT</role-name>
</security-role>
<security-role>
<description>
This role represents a merchant that has check fraud enabled
</descripton>
<role-name>CHECK_FRAUD_ENABLED</role-name>
</security-role>
<method-permission>
<role-name>AUTHORIZED_MERCHANT</role-name>
<method>
<ejb-name>ProcessPaymentBean</ejb-name>
<method-name>byCredit</method-name>
</method>
</method-permission>
<method-permission>
<role-name>CHECK_FRAUD_ENABLED</role-name>
<method>
<ejb-name>ProcessPaymentBean</ejb-name>
<method-name>byCheck</method-name>
</method>
</method-permission>
<method-permission>
<unchecked/>
<method>
<ejb-name>ProcessPaymentBean</ejb-name>
<method-name>byCheck</method-name>
</method>
</method-permission>
</assembly-descriptor>
</ejb-jar>