Class: com.sybase.djc.ant.DenyAccessProperty (Deny Access Property) EAServer 6.3 Help
Description This property is used to deny access to a method, component or package.
Configuration

Configuration is achieved using an XML (Ant) configuration script, such as the following: 

<project name="ejbjar-example-user">
  <import file="ant-config-tasks.xml"/>
  <target name="configure-user">
    <setProperties component="ejb.components.example.ShoppingCartRemote">
      <denyAccess roles="m1,m2" ports="1000,2000"/>
      <denyAccess method="mySpecialMethod(int, String)" roles="c1,c2" ports="3000,4000"/>
    </setProperties>
    <setProperties package="ejb.components.example">
      <accessControl type="default"/>
      <denyAccess roles="p1,p2" ports="5000,6000"/>
    </setProperties>
  </target>
</project>
This example assumes the prior deployment of an EJB-JAR file named example.jar. The above script would be placed in file ejbjar-example-user.xml in the config directory of your EAServer installation. To run the script, assuming that the bin directory of your EAServer installation is in the PATH, you would use one of the the following commands: 
recompile ejbjar-example-user      (Windows)

recompile.sh ejbjar-example-user   (Unix / Linux)

Alternatively, the above script can be named sybase-ejbjar-config.xml and placed alongside ejb-jar.xml in the META-INF directory inside an EJB-JAR file (prior to deployment).

Notes:

  1. This property should be used together with the Access Control Property.
  2. This property can be set at method, component, or package level.
  3. This property can be used with web components, in which case it will supplement the security-constraint elements in WEB-INF/web.xml.
  4. If this property is used together with the Permit Access Property, the Deny Access Property always takes precedence.
Nested Properties audit, method, ports, roles

Property: audit (Audit Access Denied)
Description If "true", enables auditing whenever method access is denied. Audit records are written to the server log. Additionally, the security domain auditAccessDenied property must also be "true".
Default Value false
Legal Values false, true

Property: method (Method)
Description Name and signature of method for method-specific application of this property, e.g. "myMethod(int, java.lang.String)".

Property: ports (Excluded Ports)
Description A comma-separated list of port numbers for excluded ports. If the client is connected to one of these ports, access will be denied.
  • A port number of "local" can be used to denote local clients making inter-component calls.
  • A port number of "none" can be used to denote a port that no clients are connected to.
  • A port number of "*" can be used to denote a port that all clients are connected to.
  • Method level ports (if specified) will override component level ports (independently of roles).
  • Component level ports (if specified) will override package level ports (independently of roles).

Property: roles (Excluded Roles)
Description A comma-separated list of names for excluded roles. If the client is a member of at least one of these roles, access will be denied.
  • A role name of "local" can be used to denote local clients making inter-component calls.
  • A role name of "none" can be used to denote a role that no clients belong to.
  • A role name of "*" can be used to denote a role that all clients belong to.
  • Method level roles (if specified) will override component level roles (independently of ports).
  • Component level roles (if specified) will override package level roles (independently of ports).