
Doubt in EJB 3 Security

nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
I want to know where the principal and role of the caller are set when an EJB is called. I have read the security chapter in EJB, but it only mentions the two methods getCallerPrincipal() and isCallerInRole(). But who is responsible for setting them?

Let's say I want to call an EJB method from a servlet. I would do it this way:

@EJB SimpleBean bean;

In this case I am not setting any principal or role myself. So how would they be available when the EJB method is called?

J J Wright
Ranch Hand

Joined: Jul 02, 2008
Posts: 254
The principal is set once the client is authenticated by the container. The application doesn't set the caller principal. Roles and principals are part of the security domain configured in the container or other network infrastructure.

Read the Java Authentication and Authorization Service (JAAS) documentation to get a better understanding of this -

nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
Thanks Jonathan,

Can you also tell me what should be done if I want to call the EJB from my servlet and also make the container set the principal and role?
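
The container-managed flow described in the answer above, applied to the servlet-to-EJB call from the question, as an added example that is not part of the original thread. It assumes a Java EE 6 container (Servlet 3.0 / EJB 3.1 annotations); SimpleBeanImpl, SimpleServlet, the /whoami path and the role names "customer" and "admin" are hypothetical, and the login method and user store are configured in web.xml and the server's security realm.

```java
// --- SimpleBean.java (local business interface; name taken from the thread) ---
import javax.ejb.Local;
@Local
public interface SimpleBean {
    String whoAmI();
}

// --- SimpleBeanImpl.java (hypothetical implementation) ---
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"customer", "admin"})   // roles this bean refers to (assumed names)
public class SimpleBeanImpl implements SimpleBean {
    @Resource private SessionContext ctx;

    // The container rejects the call with EJBAccessException unless the
    // propagated caller is in "customer"; the bean never sets the principal.
    @RolesAllowed("customer")
    public String whoAmI() {
        String name = ctx.getCallerPrincipal().getName();
        return name + (ctx.isCallerInRole("admin") ? " (admin)" : " (customer)");
    }
}

// --- SimpleServlet.java (hypothetical servlet in the same application) ---
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// The constraint makes the web container authenticate the user before doGet
// runs; unauthenticated requests never reach the servlet or the bean.
@WebServlet("/whoami")
@ServletSecurity(@HttpConstraint(rolesAllowed = {"customer"}))
public class SimpleServlet extends HttpServlet {
    @EJB private SimpleBean bean;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // No credentials are passed here: the authenticated principal travels with the call.
        resp.getWriter().println(bean.whoAmI() + " / web tier saw " + req.getRemoteUser());
    }
}
```

If the servlet is left unprotected, the bean is invoked with the container's unauthenticated caller identity and the @RolesAllowed check fails, which is the safe default.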