红帽全球峰会此内容没有您所选择的语言版本。
8.2.2. Security References
Both Enterprise Java Beans (EJBs) and servlets can declare one or more <security-role-ref> elements.
Figure 8.1. Security Roles Reference Model
This element declares that a component is using the <role-name> element's
role-nameType attribute value as an argument to the isCallerInRole(String) method. By using the isCallerInRole method, a component can verify whether the caller is in a role that has been declared with a <security-role-ref> or <role-name> element. The <role-name> element value must link to a <security-role> element through the <role-link> element. The typical use of isCallerInRole is to perform a security check that cannot be defined by using the role-based <method-permissions> elements.
Example 8.1. ejb-jar.xml descriptor fragment
<!-- A sample ejb-jar.xml fragment -->
<ejb-jar>
<enterprise-beans>
<session>
<ejb-name>ASessionBean</ejb-name>
...
<security-role-ref>
<role-name>TheRoleICheck<role-name>
<role-link>TheApplicationRole</role-link>
</security-role-ref>
</session>
</enterprise-beans>
...
</ejb-jar>
Note
This fragment is an example only. In deployments, the elements in this section must contain role names and links relevant to the EJB deployment.
Example 8.2. web.xml descriptor fragment
<web-app>
<servlet>
<servlet-name>AServlet</servlet-name>
...
<security-role-ref>
<role-name>TheServletRole</role-name>
<role-link>TheApplicationRole</role-link>
</security-role-ref>
</servlet>
...
</web-app>
