Doubt in EJB 3 Security

nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
I want to know where the principal and role of the caller are set when an EJB is called. I have read the security chapter in EJB, but it only mentions the two methods getCallerPrincipal() and isCallerInRole(). But who is responsible for setting them?

Let's say I want to call an EJB method from a servlet. I would do it this way:

@EJB SimpleBean bean;

In this case I am not setting any principal or role myself. So how would they be available when the EJB method is called?

J J Wright
Ranch Hand

Joined: Jul 02, 2008
Posts: 254
The principal is set once the client is authenticated by the container. The application doesn't set the caller principal. Roles and principals are part of the security domain configured in the container or other network infrastructure.

Read the Java Authentication and Authorization Service (JAAS) documentation to get a better understanding of this -

nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
Thanks Jonathan,

Can you also tell me what should be done if I want to call the EJB from my servlet and also make the container set the principal and role?