A developer is creating a web service endpoint using a stateless session EJB for the business logic of an application. Choose two methods to select role based access control for the business logic? (Choose two)
A. Using method-permission element in ejb-jar.xml
B. Using .htaccess file in the application’s ear
C. Using <security-role> element in web.xml
D. By specifying security annotations like @RolesAllowed in the EJB class
Even though the stateless session EJB is exposed as a web service with role-based access control like method-permission in ejb-jar.xml or @RolesAllowed in the EJB class, the developer still needs to configure the role-based access control to the EJB resource in web.xml so that the access control can be propagated from the web container to the EJB container.
Answer is C and D
I think if the exam question is asking the way to set up role based security for EJB based JAX-WS web service, the answer can be either using annotations or using ejb-jar.xml.
For this case the file web.xml is to assign the role specified to the client web service
B,D are correct
sorry
A,D are correct
A,D are correct
Each method-permission element contains one or more role-name child elements that define the logical roles that are allowed to access the EJB methods as identified by method child elements.
https://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/J2EE_Declarative_Security_Overview-EJB_method_permissions.html
<ejb-jar>
    <assembly-descriptor>
        <method-permission>
            <description>The employee and temp-employee roles may access any
                method of the EmployeeService bean</description>
            <role-name>employee</role-name>
            <role-name>temp-employee</role-name>
            <method>
                <ejb-name>EmployeeService</ejb-name>
                <method-name>*</method-name>
            </method>
        </method-permission>
    </assembly-descriptor>
</ejb-jar>
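
For comparison with the ejb-jar.xml descriptor quoted above, here is the annotation route (option D) applied to the same bean and roles. This is an added example, not part of the thread or the JBoss guide; the class name EmployeeServiceBean and the three methods are hypothetical, and the javax.* packages assume Java EE (Jakarta EE 9+ uses jakarta.*).

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;

// Class-level @RolesAllowed plays the part of <method-name>*</method-name>:
// it applies to every business method that has no annotation of its own.
// A method-permission entry in ejb-jar.xml overrides these annotations at deploy time.
@Stateless(name = "EmployeeService")
@WebService
@DeclareRoles({"employee", "temp-employee"})
@RolesAllowed({"employee", "temp-employee"})
public class EmployeeServiceBean {

    @Resource
    private SessionContext ctx; // injected by the EJB container

    // Hypothetical method: inherits the class-level roles.
    @WebMethod
    public String getProfile(String employeeId) {
        return "profile:" + employeeId + " for " + ctx.getCallerPrincipal().getName();
    }

    // Hypothetical method: the method-level annotation replaces the class-level
    // one, so only "employee" is admitted by the container.
    @WebMethod
    @RolesAllowed("employee")
    public String updateAddress(String employeeId, String address) {
        // Programmatic check as a second layer: still refuses temporary staff
        // if a descriptor override later widens the declarative rule.
        if (ctx.isCallerInRole("temp-employee") && !ctx.isCallerInRole("employee")) {
            throw new EJBAccessException("temp-employee may not modify records");
        }
        return "updated:" + employeeId + ":" + address;
    }

    // Hypothetical method: no role may call it, whatever the caller holds.
    @WebMethod
    @DenyAll
    public void purgeRecords() {
        throw new IllegalStateException("unreachable: the container rejects the call first");
    }
}
```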