
Doubt in EJB 3 Security

nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
I want to know where the principal and role of the caller are set when an EJB is called. I have read the security chapter in EJB, but it only mentions the two methods getCallerPrincipal() and isCallerInRole(). But who is responsible for setting them?

Let's say I want to call an EJB method from a servlet. I would do it this way:

@EJB SimpleBean bean;
bean.someMethod();


In this case I am not setting any principal or role myself. So how would they be available when the EJB method is called?



J J Wright
Ranch Hand

Joined: Jul 02, 2008
Posts: 254
The principal is set once the client is authenticated by the container. The application doesn't set the caller principal. Roles and principals are part of the security domain configured in the container or other network infrastructure.

Read the Java Authentication and Authorization Service (JAAS) documentation to get a better understanding of this - http://java.sun.com/javase/6/docs/technotes/guides/security/


SCJP, SCWCD, SCBCD, SCEA 5
nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
Thanks Jonathan,

Can you also tell me what should be done if I want to call the EJB from my servlet and also make the container set the principal and role?
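
An added illustration of the container-managed flow described in J J Wright's reply (not code from the thread): the servlet declares a security constraint so the web container authenticates the caller, and the resulting principal is propagated to the EJB call. It assumes a Java EE 6 or later container, a no-interface SimpleBean, a login method and user-to-role mapping configured in the container, and hypothetical role names "customer" and "admin" and URL "/call".

```java
// ---- SimpleBean.java (assumed EJB 3.1 no-interface view) ----
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"customer", "admin"})       // hypothetical role names
public class SimpleBean {
    @Resource
    private SessionContext ctx;            // injected by the container

    @RolesAllowed({"customer", "admin"})   // other callers get EJBAccessException
    public String someMethod() {
        // Identity was established by the container at login and propagated here.
        String who = ctx.getCallerPrincipal().getName();
        String level = ctx.isCallerInRole("admin") ? "admin" : "customer";
        return who + " called someMethod() as " + level;
    }
}

// ---- CallerServlet.java ----
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/call")                       // hypothetical URL
// Forces container authentication before doGet runs. Without a constraint the
// request is unauthenticated and the EJB sees the container's anonymous caller.
@ServletSecurity(@HttpConstraint(rolesAllowed = {"customer", "admin"}))
public class CallerServlet extends HttpServlet {
    @EJB
    private SimpleBean bean;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // No principal is passed explicitly: the container propagates the
        // authenticated identity from the web tier to the EJB invocation.
        resp.setContentType("text/plain");
        resp.getWriter().println("web tier sees: " + req.getUserPrincipal().getName());
        resp.getWriter().println(bean.someMethod());
    }
}
```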
 