Security
Multiuser applications are likely to expose a wide variety of operations, and not all callers are created equal. An unsecured banking system won’t discriminate between a teller and a branch manager when confronted with a request to approve a loan, and manually baking this logic into the business method mixes two concerns. EJB therefore provides a role-based security mechanism that bolsters existing application code with a set of security policies governed by the Container (Figure 3-4).

Figure 3-4. EJB Security permitting access based upon the caller’s role
This allows the application developer to explicitly allow or deny access at a fine-grained level based upon the caller’s identity.
We’ll delve into the security model in Chapter 15.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access