[{ALLOW view All}]
[{ALLOW edit Authenticated}]
!!Security

!JBoss 6.0 Security
Summary of the the [guide|http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html]:\\

You secure access to EJBs and web components in an enterprise application by using the ejb-jar.xml and __web.xml__ deployment descriptors.\\
Both EJBs and servlets can declare one or more security-role-ref elements:
{{{
<web-app>
    <servlet>
        <servlet-name>AServlet</servlet-name>
        ...
        <security-role-ref>
            <role-name>TheServletRole</role-name>
            <role-link>TheApplicationRole</role-link>
        </security-role-ref>
    </servlet>
    ...
</web-app>
}}}

In JBoss, a security-role element is only used to map security-role-ref/role-name values to the logical role that the component role references
{{{
<web-app>
    <!-- ... -->
    <security-role>
        <description>The single application role</description>
        <role-name>TheApplicationRole</role-name>
    </security-role>
</web-app>
}}}