https://luminoussheep.net/mediawiki/index.php?action=history&feed=atom&title=Security_and_Deployment_DescriptorsSecurity and Deployment Descriptors - Revision history2026-05-11T19:21:24ZRevision history for this page on the wikiMediaWiki 1.43.8https://luminoussheep.net/mediawiki/index.php?title=Security_and_Deployment_Descriptors&diff=74&oldid=prevMartin: Created page with "References * http://java.boot.by/scea5-guide/ch08s04.html * [http://java.sun.com/xml/ns/javaee/ all schemas for j2ee] * [http://java.sun.com/xml/ns/javaee/javaee_5.xsd j2ee xs..."2021-09-14T21:35:52Z<p>Created page with "References * http://java.boot.by/scea5-guide/ch08s04.html * [http://java.sun.com/xml/ns/javaee/ all schemas for j2ee] * [http://java.sun.com/xml/ns/javaee/javaee_5.xsd j2ee xs..."</p>
<p><b>New page</b></p><div>References<br />
* http://java.boot.by/scea5-guide/ch08s04.html<br />
* [http://java.sun.com/xml/ns/javaee/ all schemas for j2ee]<br />
* [http://java.sun.com/xml/ns/javaee/javaee_5.xsd j2ee xsd (used by web.xsd)]<br />
<br />
= Declarative security =<br />
* rules and permissions<br />
* defined in deployment descriptors<br />
** EJB = ejb-jar.xml<br />
** WAR = web.xml<br />
** JAR = application-client.xml<br />
<br />
= web.xml =<br />
* [http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd web xsd]<br />
<br />
Can configure protocol and roles of pages that can be seen<br />
<web-app><br />
<security-constraint><br />
<web-resource-collection><br />
<url-pattern> </url-pattern><br />
<http-method>GET or POST</http-method><br />
</web-resource-collection><br />
<br />
<auth-constraint><br />
<role-name></role-name><br />
</auth-constraint><br />
<br />
<user-data-constraint><br />
<transport-guarantee>NONE (=http) or INTEGRAL (must not be tampered with = ssl) or CONFIDENTIAL (must not be intercepted = ssl)</transport-guarantee><br />
</user-data-constraint><br />
</security-constraint><br />
</web-app><br />
<br />
= ejb.xml =<br />
[http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd ejb xsd]<br />
* Can map roles to logical names for use within beans<br />
* Can define roles the bean will run as<br />
* Can define the roles required to access methods of beans<br />
** can distinguish between methods overridden, interfaces - remote/local<br />
** in assembly descriptor<br />
* message driven only has security role to run as<br />
<br />
<ejb-jar><br />
<enterprise-beans><br />
<entity|session><br />
<security-role-ref> < !-- only for use in security context methods within bean -- ><br />
<role-name>Name to use in bean</role-name><br />
<role-link>actual role or logic role mapped by assembly descriptor</role-link><br />
</security-role-ref><br />
<br />
<security-identity><br />
* <use-caller-identity/> < !-- empty tag run as calling user -- ><br />
* OR<br />
* <run-as><br />
</security-identity><br />
<br />
...<br />
<message-driven><br />
....<br />
<security-identity><br />
* <use-caller-identity/> < !-- empty tag run as calling user -- ><br />
* OR<br />
* <run-as><br />
</security-identity><br />
<message-driven><br />
<br />
<assembly-descriptor><br />
<security-role-ref> < !-- see above -- > </security-role-ref> <br />
<method-permission><br />
* <role-name></role-name><br />
* or <br />
* <unchecked/><br />
<method><br />
<ejb-name></ejb-name><br />
<method-intf>optional - one of Home,Remote,LocalHome,Local,ServiceEndpoint</method-intf><br />
<method-name></method-name><br />
<method-params>optional - distinguish between overridden methods repeated with fully specified class</method-params><br />
</method></div>Martin