Java EE 6 descriptors
Web Project 3.0
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<!-- Servlet 3.0 deployment descriptor (version="3.0") for the testJSF2 web application.
     The xmlns:web prefix bound on the root element is not used by any element in this file. -->
<!-- NOTE(review): this file contains no security-constraint, login-config or security-role
     element, so nothing here restricts access to any URL of the application. Access control
     would have to come from annotations or server configuration that is not shown; confirm
     that before deploying. -->
<display-name>testJSF2</display-name>
<!-- Candidate welcome files for directory requests, in the order listed. -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- JSF front controller. load-on-startup 1 asks the container to initialise it at deployment
     instead of on the first request. -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Only requests under /faces/ reach the Faces Servlet.
     NOTE(review): a view file requested by its direct path, outside /faces/, is not handled by
     this mapping; presumably the container then serves it as a plain resource. If the view
     sources should not be downloadable, add a security-constraint for them. Verify on the
     target server. -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
</web-app>
weblogic.xml http://docs.oracle.com/cd/E24329_01/web.1211/e21049/weblogic_xml.htm
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.4/weblogic-web-app.xsd">
<!-- WebLogic-specific companion to web.xml for the testJSF2 web application. -->
<wls:weblogic-version>12.1.1</wls:weblogic-version>
<!-- Context root when the WAR is deployed on its own.
     NOTE(review): when the WAR is packaged in an EAR, the context-root in application.xml is
     documented to take precedence; keep the two values identical. -->
<wls:context-root>testJSF2</wls:context-root>
<wls:container-descriptor>
<!-- Classes and resources matching com.dave.* are loaded from the application in preference to
     copies visible through the server class loaders. Keep these patterns as narrow as possible:
     every package listed here is one where the archive, not the server, decides which code runs. -->
<wls:prefer-application-packages>
<wls:package-name>com.dave.*</wls:package-name>
</wls:prefer-application-packages>
<wls:prefer-application-resources>
<wls:resource-name>com.dave.*</wls:resource-name>
</wls:prefer-application-resources>
</wls:container-descriptor>
<!-- Maps the application role daverole to the security-realm principal dave.
     NOTE(review): the web.xml shown on this page declares no security-role named daverole and no
     security-constraint that uses it, so on its own this mapping protects nothing. Confirm that
     the role is declared and enforced somewhere (descriptor or annotations).
     NOTE(review): a principal-name may be a user or a group. Mapping the role to a group instead
     of the single user dave avoids redeploying the application to change who holds the role. -->
<wls:security-role-assignment>
<wls:role-name>daverole</wls:role-name>
<wls:principal-name>dave</wls:principal-name>
</wls:security-role-assignment>
<!-- Selects dave as the identity used when a component declares run-as with role daverole.
     Code running under run-as executes with this principal's privileges regardless of who the
     caller is, so dave should be a dedicated, least-privileged account.
     NOTE(review): the web.xml shown on this page has no run-as element on the Faces Servlet, so
     this assignment appears to be unused unless a run-as is declared elsewhere; verify. -->
<wls:run-as-role-assignment>
<wls:role-name>daverole</wls:role-name>
<wls:run-as-principal-name>dave</wls:run-as-principal-name>
</wls:run-as-role-assignment>
</wls:weblogic-web-app>
EJB 3.1 project
ejb-jar.xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar version="3.1" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd">
<!-- Minimal EJB 3.1 descriptor: it only names the module.
     NOTE(review): there is no enterprise-beans or assembly-descriptor section, so no security
     roles or method permissions are declared in this file. Presumably the beans and their access
     rules are defined through annotations (DeclareRoles, RolesAllowed, RunAs); confirm that
     every business method is covered, because an unannotated method is not restricted by
     anything in this descriptor. -->
<display-name>testDaveEJB31 </display-name>
</ejb-jar>
weblogic-ejb-jar http://docs.oracle.com/cd/E24329_01/web.1211/e24973/ejb_jar_ref.htm#autoId0
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-ejb-jar xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.3/weblogic-ejb-jar.xsd">
<!--weblogic-version:12.1.1-->
<!-- Maps the EJB role daverole to the security-realm principal dave.
     NOTE(review): the ejb-jar.xml shown on this page declares no security-role, so daverole has
     to be declared by annotation (DeclareRoles or RolesAllowed) for this mapping to apply;
     verify. Mapping to a group rather than one user keeps membership changes out of the archive. -->
<wls:security-role-assignment>
<wls:role-name>daverole</wls:role-name>
<wls:principal-name>dave</wls:principal-name>
</wls:security-role-assignment>
<!-- Selects dave as the identity for beans that declare run-as with role daverole. Such beans
     call other components with dave's privileges instead of the caller's, so keep dave's
     permissions to the minimum those calls need. -->
<wls:run-as-role-assignment>
<wls:role-name>daverole</wls:role-name>
<wls:run-as-principal-name>dave</wls:run-as-principal-name>
</wls:run-as-role-assignment>
</wls:weblogic-ejb-jar>
Enterprise Application Project 6 (EAR)
application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:application="http://java.sun.com/xml/ns/javaee/application_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd"
id="Application_ID" version="6">
<!-- Java EE 6 EAR descriptor (version="6") bundling one EJB module and one web module.
     The xmlns:application prefix bound on the root element is not used by any element here.
     NOTE(review): no security-role is declared at application level in this file, while
     weblogic-application.xml on this page assigns daverole application-wide; confirm where the
     role is actually declared. -->
<display-name>testDaveEAR6</display-name>
<module>
<ejb>testDaveEJB31.jar</ejb>
</module>
<module>
<web>
<web-uri>testJSF2.war</web-uri>
<!-- Same value as the context-root in the weblogic.xml shown on this page. -->
<context-root>testJSF2</context-root>
</web>
</module>
</application>
weblogic-application.xml
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-application xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-application" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/javaee_5.xsd http://xmlns.oracle.com/weblogic/weblogic-application http://xmlns.oracle.com/weblogic/weblogic-application/1.4/weblogic-application.xsd">
<!--weblogic-version:12.1.1-->
<!-- Application-wide mapping of role daverole to the security-realm principal dave.
     NOTE(review): the text further down this page states that roles defined for the enclosing
     application are combined with module roles using a logical OR, so this assignment can widen
     who holds daverole in the WAR and the EJB jar. Review it together with the module-level
     assignments, and prefer a group over the single user dave. -->
<wls:security>
<wls:security-role-assignment>
<wls:role-name>daverole</wls:role-name>
<wls:principal-name>dave</wls:principal-name>
</wls:security-role-assignment>
</wls:security>
<!-- Sets the application parameter webapp.encoding.default to UTF-8. -->
<wls:application-param>
<wls:param-name>webapp.encoding.default</wls:param-name>
<wls:param-value>UTF-8</wls:param-value>
</wls:application-param>
<!-- Classes and resources matching com.dave.* are loaded from the EAR in preference to copies
     visible through the server class loaders. Keep the patterns narrow: each entry lets the
     archive override server-provided code for that package. -->
<wls:prefer-application-packages>
<wls:package-name>com.dave.*</wls:package-name>
</wls:prefer-application-packages>
<wls:prefer-application-resources>
<wls:resource-name>com.dave.*</wls:resource-name>
</wls:prefer-application-resources>
</wls:weblogic-application>
Declaring security roles
http://docs.oracle.com/javaee/5/tutorial/doc/bncav.html
http://docs.oracle.com/cd/E19226-01/820-7627/gjgdi/index.html
// @DeclareRoles only declares the role name "employee" to the container. It does not restrict
// who may call this class; access has to be enforced separately, for example with a
// security-constraint in web.xml or a programmatic role check. The class body is elided here.
@DeclareRoles("employee")
public class CalculatorServlet {
//...
}
Specifying @DeclareRoles("employee") is equivalent to defining the following in the web.xml:
<!-- Declares the role name employee for the web application. The declaration alone grants or
     denies nothing: a security-constraint whose auth-constraint names this role is what
     restricts URLs, and the server-specific descriptor maps the role to real principals. -->
<security-role>
<role-name>employee</role-name>
</security-role>
http://docs.oracle.com/cd/E24329_01/web.1211/e24421/secejbwar.htm#autoId1
Deployment Descriptor Only (Java EE standard)
Roles and policies are taken from the web.xml and weblogic.xml (Web application) and the ejb-jar.xml and weblogic-ejb-jar.xml (EJB) deployment descriptors.
If roles have been defined for the application that contains the Web application or EJB, all roles are combined using a logical OR operation.
The following security-related annotations are available:
- javax.annotation.security.DeclareRoles — Explicitly lists the security roles that will be used to secure the EJB.
- javax.annotation.security.RolesAllowed — Specifies the security roles that are allowed to invoke all the methods of the EJB (when specified at the class level) or a particular method (when specified at the method level).
- javax.annotation.security.DenyAll — Specifies that the annotated method cannot be invoked by any role.
- javax.annotation.security.PermitAll — Specifies that the annotated method can be invoked by all roles.
- javax.annotation.security.RunAs — Specifies the role which runs the EJB. By default, the EJB runs as the user who actually invokes it.