Designing and Implementing Composite Applications 10.4 | Designing and Implementing Composite Applications | Getting Started with the webMethods Application Platform API | Using the Application Platform API | Adding Single Sign-On Authentication to Application Platform Projects | OSGi Service Layer Security | Declarative Security
 
Declarative Security
Application Platform enables you to add declarative security to POJOs that are published as OSGi services by using the @Service annotation. To add security to POJOs that are published as OSGi services, you can use the @Secure annotation, together with a set of common Java EE security annotations. Application Platform supports the following common Java EE security annotations, which you can use at the class or method level:
*@DenyAll
*@PermitAll
*@RolesAllowed for My webMethods Server
*@AclAllowed for Integration Server
The following sample codes show an OSGi service implementation of declarative security, where the @Secure annotation indicates that the AdderService service is secure and the invocation of the service methods is denied by default with the @DenyAll annotation. The examples show how you can allow invocation of the add method, as follows:
*By users with Admin or Developer role in My webMethods Server, by using the @RolesAllowed annotation:
@Service
@Secure
@DenyAll
public class AdderService {
 
     @RolesAllowed({"Admin", "Developer"})
     public float add(float x, float y) {
          return x + y;
     }
}
*By users with Developer role in Integration Server, by using the @AclAllowed annotation:
@Service
@Secure
@DenyAll
public class AdderService {
 
     @AclAllowed({"Developer"})
     public float add(float x, float y) {
          return x + y;
     }
}

Copyright © 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release