6.6.18.7: Protecting individual application components and methods

Protecting enterprise beans after redeployment

All methods in enterprise beans and Web applications are unprotected by default.

Security is not automatically updated when changes are made to a bean. It will be updated after the old application is stopped, the new application is deployed into the runtime, and the new application is started.

Adding a method to a bean

If you add a method to a bean, you must use the Application Assembly Tool to associate the new method with a role.

Modifying a method on a bean

If you modify a method on a bean, you must use the Application Assembly Tool to ensure that the method still has a role associated with it.
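One way to check, after adding or modifying bean methods, that every method still has a role (an added example, not part of the original documentation). It assumes the method-to-role mappings are stored as standard EJB `<method-permission>` entries in a DTD-based `ejb-jar.xml` with no XML namespace. The bean names, roles, and method list are constructed, and overloaded methods (`<method-params>`) are not distinguished.

```python
import xml.etree.ElementTree as ET

# Constructed sample: assembly descriptor of a DTD-based ejb-jar.xml (assumed format).
EJB_JAR_XML = """<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>Teller</role-name></security-role>
    <security-role><role-name>Auditor</role-name></security-role>
    <method-permission>
      <role-name>Teller</role-name>
      <method><ejb-name>AccountBean</ejb-name><method-name>getBalance</method-name></method>
      <method><ejb-name>AccountBean</ejb-name><method-name>deposit</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>Auditor</role-name>
      <method><ejb-name>ReportBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

# Constructed sample: methods exposed by each bean in the new build.
BEAN_METHODS = {
    "AccountBean": ["getBalance", "deposit", "closeAccount"],  # closeAccount was just added
    "ReportBean": ["daily", "monthly"],
}

def role_map(descriptor_xml):
    """Return {(ejb-name, method-name): {role-names}} from the method-permission entries."""
    mapping = {}
    root = ET.fromstring(descriptor_xml)
    for perm in root.iter("method-permission"):
        roles = {r.text.strip() for r in perm.findall("role-name")}
        for m in perm.findall("method"):
            key = (m.findtext("ejb-name").strip(), m.findtext("method-name").strip())
            mapping.setdefault(key, set()).update(roles)
    return mapping

def unmapped_methods(descriptor_xml, bean_methods):
    """List (bean, method) pairs that have no role; '*' covers every method of a bean."""
    mapping = role_map(descriptor_xml)
    missing = []
    for bean, methods in sorted(bean_methods.items()):
        for name in methods:
            if (bean, name) not in mapping and (bean, "*") not in mapping:
                missing.append((bean, name))
    return missing

if __name__ == "__main__":
    for bean, name in unmapped_methods(EJB_JAR_XML, BEAN_METHODS):
        print(f"no role mapped: {bean}.{name}")
```

Any method the check reports is one that would remain unprotected unless it is mapped to a role in the Application Assembly Tool.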

Unprotecting resources

All methods in enterprise beans and Web applications are unprotected by default. If you add a single method-to-role mapping to an enterprise-bean method, the user will be given an option to assign the "DenyAllRole" role to all other unprotected methods during application installation. If the unprotected methods are assigned the "DenyAllRole" role, then these methods are protected; nobody is permitted to use them. If the unprotected methods are not assigned the "DenyAllRole" role, these methods are not protected and anyone can access them.

Unprotecting an entire application

During application assembly, if you have assigned roles to methods within an application, you have protected those methods. To unprotect the methods, you can do either of the following:

  • Use the Application Assembly Tool to remove the method-to-role mappings for every method in the application
  • Assign the Everyone subject to all of the roles in the application, either during application installation or using the Security Center after installation

Unprotecting a method

The only way to unprotect a specific method is to use the Application Assembly Tool to edit the method-to-role mapping. Change the role associated with the method to a different role, one that is associated only with the Everyone subject.
