5.4.1 Ensure that all appropriate EJB methods are protected

Information

Access to EJB business methods should be restricted to authorized security roles, either in the ejb-jar.xml deployment descriptor (<method-permission> elements) or with the security annotations (@RolesAllowed, @DenyAll).

Declaring method permissions makes the container enforce authorization on each call: only a caller who has authenticated and is mapped to one of the listed roles can invoke the method. A method with no permission declared is treated as unchecked by the container, so any caller that can reach the bean can invoke it regardless of role.

Solution

Add <method-permission> elements under <assembly-descriptor> in the ejb-jar.xml deployment descriptor of each application, or use security annotations on the bean classes. Example using method-permission (the role must also be declared with a <security-role> element):

<assembly-descriptor>
  <security-role>
    <role-name>teller</role-name>
  </security-role>
  <method-permission>
    <role-name>teller</role-name>
    <method>
      <ejb-name>myEJB1</ejb-name>
      <method-name>getBalance</method-name>
    </method>
  </method-permission>
</assembly-descriptor>

Example using annotations (a class-level @RolesAllowed applies to every business method of the bean unless a method carries its own annotation):

import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@RolesAllowed("teller")   // default permission for all business methods of this bean
public class myEJB1 {
    public void getBalance () {...}
    ...
}
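The descriptor side of this control can be audited mechanically. The following Python script is an added example, not part of the CIS benchmark or its audit files: it parses a constructed, trimmed ejb-jar.xml, lists the enterprise beans that appear in no <method-permission> or <exclude-list> entry, and separately flags <method-permission> elements that use <unchecked/>, which grant access with no role check at all. It assumes only the standard Java EE / Jakarta EE element names. Because annotation-based protection never appears in the descriptor, a bean the script reports as uncovered still has to be checked in source for @RolesAllowed before it is treated as a finding.

```python
"""Audit an ejb-jar.xml for EJBs whose methods are not role-protected.

Constructed example for CIS 5.4.1; not the benchmark's own tooling.
Reports (a) beans with no <method-permission> or <exclude-list> coverage
and (b) <method-permission> elements using <unchecked/>.
"""
import xml.etree.ElementTree as ET

# Constructed, deliberately trimmed sample descriptor (real ones carry
# ejb-class, transaction attributes, etc.): one bean protected by a role,
# one made callable by anyone with <unchecked/>, one with no permission at all.
SAMPLE_EJB_JAR = """<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.2">
  <enterprise-beans>
    <session><ejb-name>AccountBean</ejb-name></session>
    <session><ejb-name>ReportBean</ejb-name></session>
    <session><ejb-name>AuditBean</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>teller</role-name></security-role>
    <method-permission>
      <role-name>teller</role-name>
      <method><ejb-name>AccountBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <method-permission>
      <unchecked/>
      <method><ejb-name>ReportBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""


def audit_ejb_jar(xml_text):
    """Return {'uncovered': [...], 'unchecked': [...]} for one ejb-jar.xml.

    uncovered: beans named in <enterprise-beans> that no <method-permission>
               or <exclude-list> refers to (may still be protected by
               annotations in source, so verify before reporting).
    unchecked: beans granted to any caller via <unchecked/>.
    """
    root = ET.fromstring(xml_text)
    # {*} matches any namespace, so javax and jakarta descriptors both work.
    beans = {e.text.strip()
             for e in root.findall("./{*}enterprise-beans/*/{*}ejb-name")}

    covered, unchecked = set(), set()
    for perm in root.findall("./{*}assembly-descriptor/{*}method-permission"):
        names = {m.text.strip() for m in perm.findall("./{*}method/{*}ejb-name")}
        if perm.find("{*}unchecked") is not None:
            unchecked |= names          # no role check at all
        else:
            covered |= names            # at least one role-restricted method

    # Methods in <exclude-list> can never be called; count them as covered.
    for m in root.findall("./{*}assembly-descriptor/{*}exclude-list/{*}method/{*}ejb-name"):
        covered.add(m.text.strip())

    return {
        "uncovered": sorted(beans - covered - unchecked),
        "unchecked": sorted(unchecked),
    }


if __name__ == "__main__":
    result = audit_ejb_jar(SAMPLE_EJB_JAR)
    for bean in result["uncovered"]:
        print(f"FAIL no method-permission for bean {bean} (check source for @RolesAllowed)")
    for bean in result["unchecked"]:
        print(f"FAIL <unchecked/> permission on bean {bean}")
```

Run it against each `META-INF/ejb-jar.xml` found in the deployed EJB modules; a clean descriptor returns two empty lists. Beans listed under `uncovered` whose classes carry no @RolesAllowed or @DenyAll are the ones this control is concerned with.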

See Also

https://workbench.cisecurity.org/benchmarks/7724

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 11887eb7dec9c481676458b6c98868c839a154ff4b81e5c5b436eb078762c10e