O'Reilly logo

J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice by Pankaj Kumar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Declarative Security for EJBs

We learned how a bean method can determine whether the user associated with the calling program has a particular role or not by invoking the method isCallerInRole(String roleName) on the javax.ejb.EJBContext object. The bean gets reference to EJBContext object when the container calls the method setSessionContext() of the bean during initialization, passing the reference as the method argument.

Note that it is the bean provider who selects this role name and associates certain implicit privileges by taking actions based on the role of the caller. This is done at the individual bean level and not at the application level. An application may use beans from many different sources and may need to have different role ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required