...
Builds upon the Injection of EntityManager Example but adds the use of @RolesAllowed and @PermitAll in the @Stateful bean to restrict who can perform create, persist and remove operations on the EntityManager. Shows a TestCase using the @RunAs annotation to execute and test the bean code as various users.
In this example we restrict the ability to create Movie Entities to a Manager or an Employee. Reads are open to anyone, logged in or not. And delete operations are only allowed by a Manager.
See the Security Annotations page for a full description of how the security annotations work.
The source for this example is in the "testing-security" directory located in the openejb-examples.zip available on the download page.
The Code
Just as with the Testing Transactions Example the magic of this unit test is in the ManagerBean and EmployeeBean @Stateless beans that we've tucked into our TestCase as inner classes. These beans allow us to execute our test code as either a Manager or as an Employee and test that Movies @Stateful bean is setup to restrict and permit calls according to our intended design.
Wiki Markup |
---|
{snippet:id=code|url=openejb3/examples/testing-security/src/main/java/org/superbiz/injection/secure/MoviesImpl.java|lang=java} |
...