Securing Enterprise JavaBeans EJBs 6-13
  </security-role>
  <security-role>
    <role-name>east</role-name>
  </security-role>
  <method-permission>
    <role-name>manager</role-name>
    <role-name>east</role-name>
    <method>
      <ejb-name>accountsPayable</ejb-name>
      <method-name>getReceipts</method-name>
    </method>
  </method-permission>
  ...
</assembly-descriptor>
...
weblogic-ejb-jar.xml entries:
<security-role-assignment>
  <role-name>manager</role-name>
  <externally-defined/>
  ...
</security-role-assignment>
...
For more information on using the Administration Console to configure security for EJBs, see Securing Resources Using Roles and Policies for Oracle WebLogic Server.
6.3.2.5 identity-assertion
The identity-assertion element specifies whether the EJB supports identity assertion.
The following table defines the possible settings.
6.3.2.5.1 Used Within
The identity-assertion element is used with the iiop-security-descriptor element.
6.3.2.5.2 Example
For an example of how to use the identity-assertion element, see Example 6–6.
6.3.2.6 iiop-security-descriptor
The iiop-security-descriptor element specifies security configuration parameters at the bean level. These parameters determine the IIOP security information contained in the interoperable object reference (IOR).
6.3.2.6.1 Example
For an example of how to use the iiop-security-descriptor element, see Example 6–6.
Table 6–7 identity-assertion Element
Setting Definition
none Identity assertion is not supported.
supported Identity assertion is supported, but not required.
required Identity assertion is required.
6-14 Programming Security for Oracle WebLogic Server
Example 6–6 iiop-security-descriptor Element Example
<weblogic-enterprise-bean>
  <iiop-security-descriptor>
    <transport-requirements>
      <confidentiality>supported</confidentiality>
      <integrity>supported</integrity>
      <client-cert-authentication>supported</client-cert-authentication>
    </transport-requirements>
    <client-authentication>supported</client-authentication>
    <identity-assertion>supported</identity-assertion>
  </iiop-security-descriptor>
</weblogic-enterprise-bean>
6.3.2.7 integrity
The integrity element specifies the transport integrity requirements for the EJB. Using the integrity element ensures that the data is sent between the client and server in such a way that it cannot be changed in transit.
The following table defines the possible settings.
6.3.2.7.1 Used Within
The integrity element is used within the transport-requirements element.
6.3.2.7.2 Example
For an example of how to use the integrity element, see Example 6–10.
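An added example, not part of the Oracle documentation: a Python check that reads a weblogic-ejb-jar.xml and reports, per bean, any integrity or identity-assertion value outside the settings listed in Tables 6–7 and 6–8, and any integrity setting other than required. The sample descriptor, the bean names ledger and reports, and the function names local and audit are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"none", "supported", "required"}  # settings from Tables 6-7 and 6-8

# Constructed sample descriptor; the bean names are illustrative only.
SAMPLE = """\
<weblogic-ejb-jar>
  <weblogic-enterprise-bean>
    <ejb-name>accountsPayable</ejb-name>
    <iiop-security-descriptor>
      <transport-requirements><integrity>supported</integrity></transport-requirements>
      <identity-assertion>supported</identity-assertion>
    </iiop-security-descriptor>
  </weblogic-enterprise-bean>
  <weblogic-enterprise-bean>
    <ejb-name>ledger</ejb-name>
    <iiop-security-descriptor>
      <transport-requirements><integrity>required</integrity></transport-requirements>
      <identity-assertion>optional</identity-assertion>
    </iiop-security-descriptor>
  </weblogic-enterprise-bean>
  <weblogic-enterprise-bean><ejb-name>reports</ejb-name></weblogic-enterprise-bean>
</weblogic-ejb-jar>
"""

def local(tag):
    # Drop any "{namespace}" prefix so namespaced descriptors match too.
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (ejb-name, finding) pairs for each bean's IIOP security settings."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "weblogic-enterprise-bean":
            continue
        values = {local(e.tag): (e.text or "").strip() for e in bean.iter()}
        name = values.get("ejb-name", "<unnamed>")
        if "iiop-security-descriptor" not in values:
            findings.append((name, "no iiop-security-descriptor"))
            continue
        for elem in ("integrity", "identity-assertion"):
            v = values.get(elem)
            if v is None:
                findings.append((name, f"{elem} not set"))
            elif v not in ALLOWED:
                findings.append((name, f"{elem}: invalid setting {v!r}"))
            elif elem == "integrity" and v != "required":
                findings.append((name, f"integrity is {v!r} (not required)"))
    return findings
```

Calling audit(SAMPLE) returns one finding per sample bean; pass the text of a real descriptor to review it the same way.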
6.3.2.8 principal-name
The principal-name element specifies the name of the principal in the WebLogic Server security realm that applies to the role name specified in the security-role-assignment element. At least one principal is required in the security-role-assignment element. You may define more than one principal-name for each role name.
6.3.2.8.1 Used Within
The principal-name element is used within the security-role-assignment element.
6.3.2.8.2 Example
For an example of how to use the principal-name element, see Example 6–1.
Table 6–8 integrity Element
Setting Definition
none Integrity is not supported.
supported Integrity is supported, but not required.
required Integrity is required.
Note: If you need to list a significant number of principals, consider
specifying groups instead of users. There are performance issues if you specify too many users.
6.3.2.9 role-name