Transactions and Security

The EJB 3.0 specification has an optional total replacement of XML deployment descriptors with annotations. This tutorial goes over how to use the transaction and security annotations of EJB 3.0.

Transactions

Using transactions is easy, just use the javax.ejb.TransactionAttribute annotation. The javax.ejb.TransactionAttributeType enum has every transactional type. 

    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public int add(int x, int y)
   {
      return x + y;
   }

Security

Take a look at calculatorBean.

The javax.annotation.security.RolesAllowed and javax.annotation.security.PermitAll are the EJB 3.0 security annotations. You can attach a MethodPermission to any method and define which roles are allowed to invoke on that method. The javax.ejb.RunAs annotation can also be applied at the class level. There is also an additional JBoss specific annotation that you must supply at the class level. org.jboss.ejb3.security.SecurityDomain. The SecurityDomain specifies the JAAS repository which will be used by JBoss to authenticate and authorize. See the JBoss Application Server documentation for more details. In this particular example, the "other" domain is used. The "other" domain corresponds to a users.properties and roles.properties files that contain cleartext user, password, and user/role associations. If you open the built tutorial.jar file you will see these two files in there.

Client

Open up Client.java. You'll see that it looks up the stateless bean under its remote interface's fully qualified classname. Also notice that there is no Home interface and you can begin executing on the stateless bean right away. The client uses a proprietary backdoor to set the user name and password through JBoss's SecurityAssociation class. JBoss recommends using JAAS for more portable applicatons.

Building and Running

To build and run the example, make sure you have ejb3.deployer installed in JBoss 4.0.x and have JBoss running. See the reference manual on how to install EJB 3.0. 
Unix:    $ export JBOSS_HOME=<where your jboss 4.0 distribution is>
Windows: $ set JBOSS_HOME=<where your jboss 4.0 distribution is>
$ ant
$ ant run

run:
     [java] Kabir is a student.
     [java] Kabir types in the wrong password
     [java] 2004-10-07 15:32:50,916 INFO org.jboss.remoting.InvokerRegistry[main] - Failed to load soap remoting transpo
rt: org/apache/axis/AxisFault
     [java] Authentication exception, principal=kabir
     [java] Kabir types in correct password.
     [java] Kabir does unchecked addition.
     [java] 1 + 1 = 2
     [java] Kabir is not a teacher so he cannot do division
     [java] Insufficient method permissions, principal=kabir, interface=org.jboss.ejb3.EJBContainerInvocation, requiredR
oles=[teacher], principalRoles=[student]
     [java] Students are allowed to do subtraction
     [java] 1 - 1 = 0

The INFO message you can ignore. It will be fixed in later releases of JBoss 4.0.