Doubt in EJB 3 Security

nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
I want to know where the principal and role of the caller are set when an EJB is called. I have read the security chapter in EJB but it only mentions the two methods getCallerPrincipal() and isCallerInRole(). But who is responsible for setting them?

Let's say I want to call an EJB method from a servlet. I would do it this way:

@EJB SimpleBean bean;
bean.someMethod();


In this case I am not setting any principal or role myself. So how would they be available when the EJB method is called?



J J Wright
Ranch Hand

Joined: Jul 02, 2008
Posts: 254
The principal is set once the client is authenticated by the container. The application doesn't set the caller principal. Roles and principals are part of the security domain configured in the container or other network infrastructure.

Read the Java Authentication and Authorization Service (JAAS) documentation to get a better understanding of this - http://java.sun.com/javase/6/docs/technotes/guides/security/


SCJP, SCWCD, SCBCD, SCEA 5
nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
Thanks Jonathan,

Can you also tell me what should be done if I want to call the EJB from my servlet and also make the container set the principal and role?
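
Added example, not part of the original thread: a servlet protected by a container security constraint calling a role-protected EJB, showing that the identity established at web-tier authentication is what getCallerPrincipal() and isCallerInRole() report inside the bean. It assumes Java EE 6 (Servlet 3.0, EJB 3.1 no-interface view), a `<login-config>` in web.xml, and a container realm that maps users to the hypothetical roles "customer" and "admin"; the class names and URL are also assumptions.

```java
// Added illustration. Class names, the "customer"/"admin" roles and the URL are assumptions.
// ---- SimpleBean.java ----
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"customer", "admin"})
public class SimpleBean {
    @Resource private SessionContext ctx;   // injected by the EJB container

    // The container checks the propagated caller against this role before the
    // method body runs; a caller without it gets javax.ejb.EJBAccessException.
    @RolesAllowed("customer")
    public String someMethod() {
        Principal caller = ctx.getCallerPrincipal();   // set by the container, not by the app
        return caller.getName() + " (admin: " + ctx.isCallerInRole("admin") + ")";
    }
}

// ---- AccountServlet.java ----
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/account")
@ServletSecurity(@HttpConstraint(rolesAllowed = "customer"))
public class AccountServlet extends HttpServlet {
    @EJB private SimpleBean bean;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // By the time doGet runs, the web container has authenticated the user through
        // the <login-config> in web.xml; that identity is propagated to the EJB call.
        resp.setContentType("text/plain");
        resp.getWriter().println("web tier caller: " + req.getUserPrincipal().getName());
        resp.getWriter().println("EJB tier caller: " + bean.someMethod());
    }
}
```

Without the security constraint on the servlet the request is never authenticated, so the bean sees the container's unauthenticated principal and the @RolesAllowed check rejects the call.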
 