
Doubt in EJB 3 Security

 
nitin pai
Ranch Hand
Posts: 185
I want to know where the principal and role of the caller are set when an EJB is called. I have read the security chapter in EJB, but it only mentions the two methods getCallerPrincipal() and isCallerInRole(). But who is responsible for setting them?

Let's say I want to call an EJB method from a servlet. I would do it this way:

@EJB SimpleBean bean;
bean.someMethod();


In this case I am not setting any principal or role myself. So how would they be available when the ejb method is called?
 
J J Wright
Ranch Hand
Posts: 254
The principal is set once the client is authenticated by the container. The application doesn't set the caller principal. Roles and principals are part of the security domain configured in the container or other network infrastructure.

Read the Java Authentication and Authorization Service (JAAS) documentation to get a better understanding of this - http://java.sun.com/javase/6/docs/technotes/guides/security/
 
nitin pai
Ranch Hand
Posts: 185
Thanks Jonathan,

Can you also tell me what should be done if I want to call the EJB from my servlet and also make the container set the principal and role?
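
An added example, not part of the original thread, of the arrangement the reply above describes: the web container authenticates the user because the servlet is protected, and that identity travels with the call into the EJB. It assumes a Java EE 6 container (Servlet 3.0, EJB 3.1, javax namespace) with a <login-config> in web.xml and a realm configured in the server; ReportServlet, the "/report" URL, the role names and the method body are hypothetical.

```java
// ---- SimpleBean.java (bean body is an assumption, not from the thread) ----
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"user", "admin"})          // roles this bean refers to
public class SimpleBean {
    @Resource
    private SessionContext ctx;           // injected by the EJB container

    // The container checks the caller's roles before this body runs; a caller
    // in neither role gets javax.ejb.EJBAccessException instead.
    @RolesAllowed({"user", "admin"})
    public String someMethod() {
        // Established by the container at login and propagated with the call;
        // application code never sets it.
        String name = ctx.getCallerPrincipal().getName();
        boolean admin = ctx.isCallerInRole("admin");
        return name + (admin ? " (admin)" : "");
    }
}

// ---- ReportServlet.java (class name, URL and roles are assumptions) ----
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// The constraint makes the web container authenticate the user against the
// configured realm before doGet is ever reached.
@WebServlet("/report")
@ServletSecurity(@HttpConstraint(rolesAllowed = {"user", "admin"}))
public class ReportServlet extends HttpServlet {
    @EJB
    private SimpleBean bean;
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The same authenticated identity is visible in both tiers.
        resp.getWriter().println("web tier: " + req.getUserPrincipal().getName());
        resp.getWriter().println("EJB tier: " + bean.someMethod());
    }
}
```

Without the constraint on the servlet the request is never authenticated, so the EJB sees the container's unauthenticated caller and the @RolesAllowed check rejects the call.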
 