Message Driven Beans: Security and Transactions

Since MDB clients do not communicate directly with the MDB, security and transactions are handled differently. When an MDB is invoked, it is invoked by the container on behalf of the client; there is no real caller. The container is not aware of the client's principal, security role, or transaction mode. While the message may contain some information in its headers about where it originated, it may have passed through a number of intermediate servers, any of which can change that information, so the validity of the headers could be dubious. If assuring the validity of the sender is important, then you should consider using digital signatures in the message to verify its authenticity. ...
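The sketch below is an added example, not code from the book: it shows one way a consumer can authenticate the sender from a signature over the message content instead of from headers. The class and method names are hypothetical, and it assumes the consumer already holds the sender's public key from a trusted source; in an MDB, verify() would be called from onMessage() before any processing.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Hypothetical helper, not a J2EE API: signs and verifies message content.
public class SignedMessageDemo {

    // Producer side: sign the claimed sender and the body together, so an
    // intermediate server cannot change either one without detection.
    static String sign(PrivateKey key, String sender, String body)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(canonical(sender, body));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Consumer side: trust the sender identity only if the signature checks
    // out against a key obtained out of band, never against header values.
    static boolean verify(PublicKey trustedKey, String sender, String body, String sigB64) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(trustedKey);
            s.update(canonical(sender, body));
            return s.verify(Base64.getDecoder().decode(sigB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // a malformed signature is treated as unauthenticated
        }
    }

    // Length-prefix the sender so ("ab", "c") and ("a", "bc") sign differently.
    static byte[] canonical(String sender, String body) {
        return (sender.length() + ":" + sender + body).getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed key pair for the demo

        // Constructed sample message: sender name and body are illustrative.
        String sig = sign(kp.getPrivate(), "orders-service", "ship 10 units");

        // Message as sent, then with a rewritten sender, then with a rewritten body.
        System.out.println(verify(kp.getPublic(), "orders-service", "ship 10 units", sig));
        System.out.println(verify(kp.getPublic(), "billing-service", "ship 10 units", sig));
        System.out.println(verify(kp.getPublic(), "orders-service", "ship 99 units", sig));
    }
}
```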
