There are 5 annotations that make up annotated security. These annotations almost identically match EJB3 based annotations.
import org.jboss.aspects.security.*;
@SecurityDomain("other")
@RunAs("allowed")
public class AnnotatedSecuredPOJO
{
@Permissions({"allowed"})
public int someField;
@Exclude
public String excludedField;
@Unchecked
public long uncheckedField;
@Permissions({"allowed"})
public AnnotatedSecuredPOJO(int field)
{
someField = field;
}
@Unchecked
public void unchecked() {}
@Permissions({"allowed"})
public void someMethod()
{
}
}
org.jboss.aspects.security.SecurityDomain
The @SecurityDomain annotation defines the JBoss security domain to use. See JBoss J2EE documentation on what this means. Basically it specifies the repository where usernames, passwords, and user/role associtations are stored. This annotation is only applicable at the Class level.
org.jboss.aspects.security.SecurityDomain
The @RunAs annotation works in the same way as the EJB run-as tag. This annotation is only applicable at the Class level.
org.jboss.aspects.security.Permissions
The @Permissions annotation works in the much in the same way as the EJB method-permissions tag works in XML the difference being it can be applied to any method (static or member), any field (static or member), or any constructor.
org.jboss.aspects.security.Exclude
The @Exlude annotation works in the much in the same way as the EJB exclude-list tag works in XML the difference being it can be applied to any method (static or member), any field (static or member), or any constructor.
org.jboss.aspects.security.Unchecked
The @Unchecked annotation works in the much in the same way as the EJB unchecked tag works in XML the difference being it can be applied to any method (static or member), any field (static or member), or any constructor.