
J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice by Pankaj Kumar

EJB Security and J2SE Access Control

As an attentive reader, you must have noticed the semantic similarity between the Java policy files of JAAS and the portions of a bean deployment descriptor that specify method-level access control. The former grants certain permissions based on the identity of the current user, among other things, and is enforced by the security manager. The latter specifies permission to invoke certain methods based on the identity of the current user and is enforced by the container. How are these two mechanisms different, besides the obvious difference in syntax?

Let us understand this relationship by answering the following question.

Is the identity returned by getCallerPrincipal() in a bean related to the Subject associated ...
