Authorization management can also be implemented via annotations using the WS_CONFIGURE instruction.
Annotations provide a finer granularity: each resource can define its own authorization policy.
There are four annotations:
@DeclareRoles |
The @DeclareRoles annotation is in the *SERVICE scope. It is used to declare the roles recognized by authorization management using annotations.
Example: WS_CONFIGURE *SERVICE '@DeclareRoles' 'role1,role2,role3
|
@RolesAllowed |
The @RolesAllowed annotation is in the *SERVICE or *OPERATION scope. It declares the roles authorized by the resource.
Example: WS_CONFIGURE *SERVICE '@RolesAllowed' 'role1,role3' WS_CONFIGURE *OPERATION '@RolesAllowed' 'role1'
|
@PermitAll |
The @PermitAll annotation is in the *SERVICE or *OPERATION scope. It authorizes all the roles (declared via the @DeclareRoles annotation) to access the resource.
Example: WS_CONFIGURE *OPERATION '@PermitAll' *BLANK
|
@DenyAll |
The @DenyAll annotation is in the *SERVICE or *OPERATION scope. It prevents anyone from accessing the resource.
Example: WS_CONFIGURE *OPERATION '@DenyAll' *BLANK
|