Google Git
Sign in
apache / tomee-site-ng / refs/heads/old-website / . / html / 3.0 / security-annotations.html
blob: fa8b0ce7c8b1568bd2f27503c5d49dbb97a3369b [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<!-- $PAGETITLE -->
<TITLE>OpenEJB - Security Annotations</TITLE>
<LINK href="http://openejb.apache.org/all.css" rel="stylesheet" type="text/css">
<!--[if IE]><link rel="stylesheet" type="text/css" media="screen, projection" href="openejb.apache.org/ie.css"><![endif]-->
<LINK rel="SHORTCUT ICON" href="http://openejb.apache.org/images/favicon.ico">
<META http-equiv="Content-Type" content="text/html;charset=UTF-8">
</HEAD>
<BODY>
<!-- Delay the loading of the external javascript file needed for labels (as it takes too long to load and visibly holds loading of the page body) -->
<!-- To do this without javascript errors over undefined functions, we need to declare stubs here (that are overrided later by the proper implementations) -->
<SCRIPT language="JavaScript" type="text/javascript">
function doAddLabel(hideTextfieldAfterAddParam)
{
// stub
}
function onAddLabel()
{
// stub
}
function showLabelsInput()
{
// stub
}
</SCRIPT>
<A name="top"></A>
<TABLE class="frameTable" cellpadding="0" cellspacing="0" border="0">
<TR class="Row1">
<TD class="Col1"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col2"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col3"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col5"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
</TR>
<TR class="Row2">
<TD class="Col1"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col2">&nbsp;</TD>
<TD class="Col3" id="breadcrumbs">
<!-- $TOP_NAV_BAR -->
<A href="../OPENEJB/index.html" title="Index">Home</A> | <A href="../OPENEJB/download.html" title="Download">Download</A> | <A href="../OPENEJB/mailing-lists.html" title="Mailing Lists">Lists</A> | <A href="http://issues.apache.org/jira/browse/OPENEJB" class="external-link" rel="nofollow">Issues</A>
</TD>
<TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col5">&nbsp;</TD>
</TR>
<TR class="Row3">
<TD class="Col1"><IMG alt="" class="Row3Img" id="thinLine" src="http://openejb.apache.org/images/line_sm.gif"></TD>
<TD class="Col2"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col3"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col4"><IMG alt="" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col5"><IMG alt="" class="Row3Img" src="http://openejb.apache.org/images/dotTrans.gif"></TD>
</TR>
<TR class="Row4">
<TD class="Col1">
<SPAN id="Navigation">
<H3><A name="Navigation-Overview"></A>Overview</H3>
<UL class="alternate" type="square">
<LI><A href="../OPENEJB/index.html" title="Index">Home</A></LI>
<LI><A href="../OPENEJB/news.html" title="News">News</A></LI>
<LI><A href="../OPENEJB/faq.html" title="FAQ">FAQ</A></LI>
<LI><A href="../OPENEJB/download.html" title="Download">Download</A></LI>
<LI><A href="index.html" title="Index">Documentation</A></LI>
<LI><A href="../OPENEJB/examples.html" title="Examples">Examples</A></LI>
<LI><A href="http://cwiki.apache.org/confluence/display/OPENEJB/Lightening%20Demos" class="external-link" rel="nofollow">Lightning Demos</A></LI>
<LI><A href="../OPENEJB/mailing-lists.html" title="Mailing Lists">Mailing Lists</A></LI>
<LI><A href="../OPENEJB/source-code.html" title="Source Code">Source Code</A></LI>
<LI><A href="http://blogs.apache.org/openejb" class="external-link" rel="nofollow">Project Blog</A></LI>
</UL>
<H3><A name="Navigation-Servers"></A>Servers</H3>
<UL class="alternate" type="square">
<LI><A href="../OPENEJB/local-server.html" title="Local Server">Local</A></LI>
<LI><A href="../OPENEJB/remote-server.html" title="Remote Server">Remote</A></LI>
</UL>
<H3><A name="Navigation-Integrations"></A>Integrations</H3>
<UL class="alternate" type="square">
<LI><A href="tomcat.html" title="Tomcat">Tomcat</A></LI>
<LI><A href="../OPENEJB/geronimo.html" title="Geronimo">Geronimo</A></LI>
<LI><A href="../OPENEJB/webobjects.html" title="WebObjects">WebObjects</A></LI>
</UL>
<H3><A name="Navigation-Community"></A>Community</H3>
<UL class="alternate" type="square">
<LI><A href="../OPENEJB/team.html" title="Team">Team</A></LI>
<LI><A href="../OPENEJB/articles.html" title="Articles">Articles</A></LI>
<LI><A href="http://webchat.freenode.net/?channels=openejb" class="external-link" rel="nofollow">IRC</A></LI>
</UL>
<H3><A name="Navigation-RelatedProjects"></A>Related Projects</H3>
<UL class="alternate" type="square">
<LI><A href="http://activemq.apache.org/" class="external-link" rel="nofollow">ActiveMQ</A></LI>
<LI><A href="http://openjpa.apache.org/" class="external-link" rel="nofollow">OpenJPA</A></LI>
<LI><A href="http://cxf.apache.org/" class="external-link" rel="nofollow">CXF</A></LI>
</UL>
<H3><A name="Navigation-Index"></A>Index</H3>
<UL class="alternate" type="square">
<LI><A href="../OPENEJB/space-index.html" title="Space Index">Site Index</A></LI>
<LI><A href="space-index.html" title="Space Index">Doc Index</A></LI>
</UL>
<H3>
<A name="Navigation-Feeds"></A>
Feeds
</H3>
<UL class="feeds">
<LI>
<A href="http://cwiki.apache.org/confluence/spaces/rss.action?key=OPENEJB&newPages=false">
<IMG src="http://openejb.apache.org/images/rss.gif"></A>
<A class="feedsText" href="http://cwiki.apache.org/confluence/spaces/rss.action?key=OPENEJB&newPages=false">Site</A>
</LI>
<LI><A href="http://cwiki.apache.org/confluence/spaces/blogrss.action?key=OPENEJB">
<IMG src="http://openejb.apache.org/images/rss.gif"></A>
<A class="feedsText" href="http://cwiki.apache.org/confluence/spaces/blogrss.action?key=OPENEJB">News</A>
</LI>
</UL>
</SPAN>
</TD>
<TD class="Col2">&nbsp;</TD>
<TD class="Col3">
<TABLE id="PageHeader" border="0" width="100%">
<TR>
<TD>
<A href="http://openejb.org/">
<IMG hspace="0" src="http://openejb.apache.org/images/logo_openejb.gif" vspace="0">
</A>
</TD>
<TD align="right">
<A href="http://www.apache.org/">
<IMG src="http://www.apache.org/images/asf-logo.gif" width="258" height="66">
</A>
</TD>
</TR>
<TR>
<TD id="page_title">
<!-- $TITLE -->
Security Annotations
</TD>
<TD align="right">
<BR><BR>
<!-- Google CSE Search Box Begins -->
<FORM id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
<INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
<INPUT type="hidden" name="cof" value="FORID:0">
<INPUT name="q" type="text" size="25">
<INPUT type="submit" name="sa" value="Search">
</FORM>
<SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>
<!-- Google CSE Search Box Ends -->
</TD>
</TR>
</TABLE>
<P>
<!-- $BODY -->
<DIV id="PageContent">
<P>This page shows the correct usage of the security related annotations:</P>
<UL class="alternate" type="square">
<LI>javax.annotation.security.RolesAllowed</LI>
<LI>javax.annotation.security.PermitAll</LI>
<LI>javax.annotation.security.DenyAll</LI>
<LI>javax.annotation.security.RunAs</LI>
<LI>javax.annotation.security.DeclareRoles</LI>
</UL>
<H2><A name="SecurityAnnotations-Basicidea"></A>Basic idea</H2>
<UL class="alternate" type="square">
<LI>By default all methods of a business interface are accessible, logged in or not</LI>
<LI>The annotations go on the bean class, not the business interface</LI>
<LI>Security annotations can be applied to entire class and/or individual methods</LI>
<LI>The names of any security roles used must be declared via @DeclareRoles</LI>
</UL>
<H2><A name="SecurityAnnotations-Norestrictions"></A>No restrictions</H2>
<P>Allow anyone logged in or not to invoke 'svnCheckout'.</P>
<P>These three examples are all equivalent.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@PermitAll
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
@PermitAll
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<UL class="alternate" type="square">
<LI>Allow anyone logged in or not to invoke 'svnCheckout'.</LI>
</UL>
<H2><A name="SecurityAnnotations-RestrictingaMethod"></A>Restricting a Method</H2>
<P>Restrict the 'svnCommit' method to only individuals logged in and part of the &quot;committer&quot; role. Note that more than one role can be listed.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@DeclareRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCommit(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<UL class="alternate" type="square">
<LI>Allow only logged in users in the &quot;committer&quot; role to invoke 'svnCommit'.</LI>
<LI>Allow anyone logged in or not to invoke 'svnCheckout'.</LI>
</UL>
<H2><A name="SecurityAnnotations-DeclareRoles"></A>DeclareRoles</H2>
<P>You need to update the @DeclareRoles when referencing roles via isCallerInRole(roleName).</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@DeclareRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>, <SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
@Resource SessionContext ctx;
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCommit(<SPAN class="code-object">String</SPAN> s) {
ctx.isCallerInRole(<SPAN class="code-quote">&quot;committer&quot;</SPAN>); <SPAN class="code-comment">// Referencing a Role
</SPAN> <SPAN class="code-keyword">return</SPAN> s;
}
@RolesAllowed({<SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> submitPatch(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<H2><A name="SecurityAnnotations-Restrictingallmethodsinaclass"></A>Restricting all methods in a class</H2>
<P>Placing the annotation at the class level changes the default of PermitAll</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@DeclareRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCommit(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> submitPatch(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<UL class="alternate" type="square">
<LI>Allow only logged in users in the &quot;committer&quot; role to invoke 'svnCommit', 'svnCheckout' or 'submitPatch'.</LI>
</UL>
<H2><A name="SecurityAnnotations-Mixingclassandmethodlevelrestrictions"></A>Mixing class and method level restrictions</H2>
<P>Security annotations can be used at the class level and method level at the same time. These rules do not stack, so marking 'submitPatch' overrides the default of &quot;committers&quot;.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@DeclareRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>, <SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCommit(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
@RolesAllowed({<SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> submitPatch(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<UL class="alternate" type="square">
<LI>Allow only logged in users in the &quot;committer&quot; role to invoke 'svnCommit' or 'svnCheckout'</LI>
<LI>Allow only logged in users in the &quot;contributor&quot; role to invoke 'submitPatch'.</LI>
</UL>
<H2><A name="SecurityAnnotations-PermitAll"></A>PermitAll</H2>
<P>When annotating a bean class with @RolesAllowed, the @PermitAll annotation becomes very useful on individual methods to open them back up again.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@DeclareRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>, <SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCommit(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
@PermitAll
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
@RolesAllowed({<SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> submitPatch(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<UL class="alternate" type="square">
<LI>Allow only logged in users in the &quot;committer&quot; role to invoke 'svnCommit'.</LI>
<LI>Allow only logged in users in the &quot;contributor&quot; role to invoke 'submitPatch'.</LI>
<LI>Allow anyone logged in or not to invoke 'svnCheckout'.</LI>
</UL>
<H2><A name="SecurityAnnotations-DenyAll"></A>DenyAll</H2>
<P>The @DenyAll annotation can be used to restrict business interface access from anyone, logged in or not. The method is still invokable from within the bean class itself.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateless
@DeclareRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>, <SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class OpenSourceProjectBean <SPAN class="code-keyword">implements</SPAN> Project {
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCommit(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
@PermitAll
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> svnCheckout(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
@RolesAllowed({<SPAN class="code-quote">&quot;contributor&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> submitPatch(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
@DenyAll
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">String</SPAN> deleteProject(<SPAN class="code-object">String</SPAN> s) {
<SPAN class="code-keyword">return</SPAN> s;
}
}
</PRE>
</DIV></DIV>
<UL class="alternate" type="square">
<LI>Allow only logged in users in the &quot;committer&quot; role to invoke 'svnCommit'.</LI>
<LI>Allow only logged in users in the &quot;contributor&quot; role to invoke 'submitPatch'.</LI>
<LI>Allow anyone logged in or not to invoke 'svnCheckout'.</LI>
<LI>Allow <B>no one</B> logged in or not to invoke 'deleteProject'.</LI>
</UL>
<H1><A name="SecurityAnnotations-IllegalUsage"></A>Illegal Usage</H1>
<P>Generally, security restrictions cannot be made on AroundInvoke methods and most callbacks.</P>
<P>The following usages of @RolesAllowed have no effect.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
<PRE class="code-java">
@Stateful
@DecalredRoles({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> class MyStatefulBean <SPAN class="code-keyword">implements</SPAN> MyBusinessInterface {
@PostConstruct
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> void constructed(){
}
@PreDestroy
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> void destroy(){
}
@AroundInvoke
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> <SPAN class="code-object">Object</SPAN> invoke(InvocationContext invocationContext) <SPAN class="code-keyword">throws</SPAN> Exception {
<SPAN class="code-keyword">return</SPAN> invocationContext.proceed();
}
@PostActivate
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> void activated(){
}
@PrePassivate
@RolesAllowed({<SPAN class="code-quote">&quot;committer&quot;</SPAN>})
<SPAN class="code-keyword">public</SPAN> void passivate(){
}
}
</PRE>
</DIV></DIV>
</DIV>
</P>
</TD>
<TD class="Col4"><IMG src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col5">
</TD>
</TR>
<TR class="Row5">
<TD class="Col1">&nbsp;</TD>
<TD class="Col2">&nbsp;</TD>
<TD class="Col3">
<BR>
<BR>
<IMG width="100%" height="1" src="http://openejb.apache.org/images/line_light.gif">
<TABLE width="100%">
<TR>
<TD>
<SPAN class="bodyGrey">
<SMALL>
<NOTICE><!-- $FOOTER -->
Apache OpenEJB is an project of The Apache Software Foundation (ASF)
</NOTICE>
<BR>
Site Powered by
<A href="http://atlassian.com/">Atlassian</A>
<A href="http://atlassian.com/confluence/">Confluence</A>
.
</SMALL>
</SPAN>
</TD>
<TD align="right">
<A style="color:#999;font-size:small;font-weight:normal;" href="https://cwiki.apache.org/confluence/pages/editpage.action?spaceKey=OPENEJBx30&title=Security%20Annotations">[ edit ]</A>
</TD>
</TR>
</TABLE>
<BR>
</TD>
<TD class="Col4"><IMG src="http://openejb.apache.org/images/dotTrans.gif"></TD>
<TD class="Col5">&nbsp;</TD>
</TR>
</TABLE>
<!-- Needed for composition plugin -->
<!-- delay the loading of large javascript files to the end so that they don't interfere with the loading of page content -->
<SPAN style="display: none">
<SCRIPT type="text/javascript" language="JavaScript" src="http://cwiki.apache.org/confluence/labels-javascript"></SCRIPT>
<SCRIPT src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</SCRIPT>
<SCRIPT type="text/javascript">
_uacct = "UA-2717626-1";
urchinTracker();
</SCRIPT>
</SPAN>
</BODY>
</HTML>