Security#
JBoss 6.0 Security#
Summary of the the guide:You secure access to EJBs and web components in an enterprise application by using the ejb-jar.xml and web.xml deployment descriptors.
Both EJBs and servlets can declare one or more security-role-ref elements:
<web-app> <servlet> <servlet-name>AServlet</servlet-name> ... <security-role-ref> <role-name>TheServletRole</role-name> <role-link>TheApplicationRole</role-link> </security-role-ref> </servlet> ... </web-app>
In JBoss, a security-role element is only used to map security-role-ref/role-name values to the logical role that the component role references
<web-app> <!-- ... --> <security-role> <description>The single application role</description> <role-name>TheApplicationRole</role-name> </security-role> </web-app>