Propagating identity

In certain situations, the identity of the user may need to be changed to enable a different, possibly more powerful, role. Consider the following analogy:

In most operating systems, a user is not permitted to directly read or write to a file. Low-level access to the file is restricted. When a user needs to read or write to a file, the operating system verifies the individual's access rights to the file and then temporarily grants read/write access privileges to the user. The user assumes a higher level of privilege on a temporary basis.

This is analogous to the use of the @RunAs annotation. It allows a new role to be temporarily assigned to the methods of an EJB.
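The following sketch is an added example, not code from the book: a bean declared with @RunAs("manager") calls a second bean whose method is restricted to that role, while its own entry point stays limited to "employee" callers. The bean names, role names and method names are hypothetical, and the container-specific mapping of roles to users or principals is assumed to be configured.

```java
// File: AuditLogBean.java (hypothetical bean, constructed for this example)
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"employee", "manager"})
public class AuditLogBean {
    // Only callers in the "manager" role pass the container's check.
    @RolesAllowed("manager")
    public void record(String entry) {
        // Append the entry to the audit store (omitted here).
    }
}

// File: ExpenseBean.java (hypothetical bean, constructed for this example)
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"employee", "manager"})
@RunAs("manager") // class-level: applies to calls this bean makes to other components
public class ExpenseBean {
    @EJB
    private AuditLogBean auditLog;

    // Access to this method is still checked against the caller's own role.
    // Keep it as narrow as possible, because everything it invokes
    // downstream runs with the "manager" role.
    @RolesAllowed("employee")
    public void submit(String description) {
        if (description == null || description.trim().isEmpty()) {
            throw new IllegalArgumentException("description required");
        }
        // Succeeds even though the original caller is only an "employee":
        // the container propagates the run-as role to this call.
        auditLog.record("expense submitted");
    }
}
```

@RunAs does not change who may call ExpenseBean; it only changes the role seen by the beans that ExpenseBean calls, so the elevated role should be reachable only through deliberately restricted methods.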

Getting ready

The steps ...
