The combination of the method-permission, container-transaction
The method-permission element specifies that one or more security
roles are allowed to invoke one or more enterprise bean methods. The
method-permission element consists of an optional description, a list
of security role names, or an indicator to specify that the methods
are not to be checked for authorization, and a list of method elements.
The security roles used in the method-permission element must be
defined in the security-role element of the deployment descriptor,
and the methods must be methods defined in the enterprise bean’s component
and/or home interfaces.
The container-transaction element specifies how the container must
manage transaction scopes for the enterprise bean’s method invocations.
The element consists of an optional description, a list of
method elements, and a transaction attribute. The transaction
attribute is to be applied to all the specified methods.