I'm studying for SCBCD JEE6 and I saw in the objectives something that I can't understand.
I know there's a login method with Servlets, but with EJB?
[ ] Understand the Java EE security architecture
[ ] Authenticate the caller
[ ] Examine Java EE authorization strategies
[ ] Use declarative authorization
[ ] Use programmatic authorization
[ ] Examine the responsibilities of the deployer
No, authentication information is not always passed from the front end to an EJB.
For example, think of the case when you expose a web service with an endpoint implementation class being a stateless session bean.
In such a case, the authentication information has to be passed to the web service in one way or another.
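The case described in the answer above, as an added example that is not part of the original thread: a stateless session bean exposed as a web service endpoint, using both declarative and programmatic authorization from the objectives list. The class, method and role names are hypothetical, and how the caller authenticates to the endpoint is assumed to be set up in the container and deployer configuration, which is not shown.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;

// Hypothetical endpoint: class, method and role names are illustrative only.
@Stateless
@WebService
@DeclareRoles({"customer", "auditor"})
public class AccountEndpoint {

    // Injected by the container; exposes the authenticated caller's identity.
    // There is no servlet in front of this bean, so the container must have
    // authenticated the web service request itself before this is populated.
    @Resource
    private SessionContext ctx;

    // Declarative authorization: the container rejects callers that are in
    // neither role before the method body runs.
    @WebMethod
    @RolesAllowed({"customer", "auditor"})
    public String describeAccount(String owner) {
        Principal caller = ctx.getCallerPrincipal();

        // Programmatic authorization: a rule that depends on the argument,
        // which the annotation alone cannot express. Auditors may read any
        // account; a customer only the one matching their principal name.
        // A null owner never matches, so it is refused for non-auditors.
        if (!ctx.isCallerInRole("auditor") && !caller.getName().equals(owner)) {
            throw new EJBAccessException("caller may not read account of " + owner);
        }
        return "account of " + owner + ", requested by " + caller.getName();
    }
}
```

Mapping the `customer` and `auditor` role names to real users or groups in the target environment is the deployer's task.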