Method permissions are defined using the following annotations:

@DeclareRoles

  • This annotation is used to specify all the roles that are used by the application
  • This includes roles that are not named in any @RolesAllowed annotation
  • The following syntax is used when declaring more than one role:
    – @DeclareRoles({"Administrator", "Manager", "Employee"})

@RolesAllowed("List-of-roles")

  • This annotation specifies the security roles that are permitted to access methods in an application
  • It can be defined on a class or on one or more methods

Declaring Roles (Cont’d)

@DenyAll

  • This annotation specifies that no security roles are allowed to run the specified method or methods
  • These methods are excluded from execution in the Java EE container

Example Code for @DenyAll Annotation

@PermitAll

  • This annotation specifies that all security roles are allowed to run the specified method or methods

Example: Code of @PermitAll Annotation
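
The four annotations combined on one session bean, as an added example that is not code from the original slides. The bean, its methods and the payroll scenario are hypothetical; the role names are the ones used in the @DeclareRoles syntax above.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean: class and method names are illustrative only.
// "Employee" appears in no @RolesAllowed; it is only tested in code
// with isCallerInRole(), which is why @DeclareRoles has to list it.
@Stateless
@DeclareRoles({"Administrator", "Manager", "Employee"})
@RolesAllowed({"Administrator", "Manager"}) // class-level default for all business methods
public class PayrollBean {

    @Resource
    private SessionContext ctx;

    // No method-level annotation: inherits the class-level rule
    // (Administrator or Manager).
    public String viewSalaryBand(String employeeId) {
        return "band for " + employeeId;
    }

    // A method-level annotation overrides the class-level one:
    // only Administrator may call this.
    @RolesAllowed("Administrator")
    public void changeSalary(String employeeId, long newSalary) {
        // persist the new salary here
    }

    // Every security role may call this method; the body still
    // distinguishes callers with a programmatic role check.
    @PermitAll
    public String payrollCalendar() {
        String audience = ctx.isCallerInRole("Employee") ? "staff" : "general";
        return "calendar (" + audience + " view)";
    }

    // No role may call this method through the container.
    @DenyAll
    public void purgeAllRecords() {
        throw new IllegalStateException("not reachable through the container");
    }
}
```

The container enforces these permissions when a client calls the bean through its business interface or injected reference. A plain `this.purgeAllRecords()` call from inside the bean does not pass through the container, so the annotations are not checked on that path.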