1 /* 2 * JBoss, Home of Professional Open Source 3 * Copyright 2014, Red Hat, Inc. and/or its affiliates, and individual 4 * contributors by the @authors tag. See the copyright.txt in the 5 * distribution for a full listing of individual contributors. 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); 8 * you may not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 package org.jboss.as.quickstarts.ejb_security; 18 19 import java.security.Principal; 20 21 import javax.annotation.Resource; 22 import javax.annotation.security.RolesAllowed; 23 import javax.ejb.SessionContext; 24 import javax.ejb.Stateless; 25 26 import org.jboss.ejb3.annotation.SecurityDomain; 27 28 /** 29 * Simple secured EJB using EJB security annotations 30 * 31 * @author Sherif Makary 32 * 33 */ 34 /** 35 * 36 * Annotate this EJB for authorization. Allow only those in the "guest" role. For EJB authorization, you must also specify the 37 * security domain. This example uses the "other" security domain which is provided by default in the standalone.xml file. 38 * 39 */ 40 @Stateless 41 @RolesAllowed({ "guest" }) 42 @SecurityDomain("other") 43 public class SecuredEJB { 44 45 // Inject the Session Context 46 @Resource 47 private SessionContext ctx; 48 49 /** 50 * Secured EJB method using security annotations 51 */ 52 public String getSecurityInfo() { 53 // Session context injected using the resource annotation 54 Principal principal = ctx.getCallerPrincipal(); 55 56 return principal.toString(); 57 } 58 }