Local EJB security

User_R8ZAB, Oct 2 2016 — edited Oct 2 2016

Hi,

I have a RESTful web service

@Path("/education")
public class EducationRest {

    @EJB
    private EducationBean service;

    @GET
    @Path("/readAll")
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public List<EducationDTO> read() throws NamingException {
        return service.readAllEducations();
    }

...

and web.xml security constraints

...

<security-role>
    <role-name>admin</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Administrator permissions</web-resource-name>
        <url-pattern>/education/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

...

Do I have to specify security constraints again in ejb-jar.xml for every local EJB, or can local beans be left unchecked (@PermitAll)?

@Stateless
public class EducationBean {
  ...
  public List<EducationDTO> readAllEducations(){
    ...
  }
}

...

<assembly-descriptor>
    <method-permission>
        <role-name>admin</role-name>
        <method>
            <ejb-name>EducationBean</ejb-name>
            <method-name>*</method-name>
        </method>
    </method-permission>
</assembly-descriptor>

...

Thank you,

Dragan.
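
As an added example (not code from the original post): the annotation form of the `ejb-jar.xml` method permission shown above, together with a hypothetical second resource, `ReportRest` at `/reports`, whose path the `/education/*` constraint does not match. It assumes the Java EE 7 `javax.*` APIs, an empty stand-in `EducationDTO`, and a stand-in body for `readAllEducations()`.

```java
// ---- EducationDTO.java (stand-in; the post does not show its fields) ----
public class EducationDTO { }

// ---- EducationBean.java ----
import java.util.Collections;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles("admin")
@RolesAllowed("admin") // same rule as <method-permission> with <method-name>*</method-name>
public class EducationBean {
    public List<EducationDTO> readAllEducations() {
        return Collections.emptyList(); // stand-in for the body elided in the post
    }
}

// ---- ReportRest.java (hypothetical second entry point) ----
import java.util.List;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

@Path("/reports") // not matched by <url-pattern>/education/*</url-pattern>
public class ReportRest {

    @EJB
    private EducationBean service;

    @GET
    @Path("/educations")
    @Produces(MediaType.APPLICATION_JSON)
    public List<EducationDTO> educations() {
        try {
            // The web caller's identity propagates to the EJB container, which
            // checks the "admin" role before the bean method runs.
            return service.readAllEducations();
        } catch (EJBAccessException denied) {
            throw new ForbiddenException(); // HTTP 403 instead of a generic 500
        }
    }
}
```

With only the `web.xml` constraint in place, a request to `/reports/educations` would reach the bean without any role check; with the bean-level role, the container rejects the call with `EJBAccessException` regardless of which resource made it.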


Post Details

Locked on Oct 30 2016
Added on Oct 2 2016