Declarative Security for EJBs
We learned how a bean method can determine whether the user associated with the calling program has a particular role or not by invoking the method isCallerInRole(String roleName) on the javax.ejb.EJBContext object. The bean gets reference to EJBContext object when the container calls the method setSessionContext() of the bean during initialization, passing the reference as the method argument.
Note that it is the bean provider who selects this role name and associates certain implicit privileges by taking actions based on the role of the caller. This is done at the individual bean level and not at the application level. An application may use beans from many different sources and may need to have different role ...
Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.