10.12.2012 Views

The Java EE 5 Tutorial (PDF) - Oracle Software Downloads

The Java EE 5 Tutorial (PDF) - Oracle Software Downloads

The Java EE 5 Tutorial (PDF) - Oracle Software Downloads

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

Securing Enterprise Beans<br />

810<br />

Both example applications demonstrate security role mapping. For more information, see<br />

“Example: Securing an Enterprise Bean” on page 818 and “Example: Using the isCallerInRole<br />

and getCallerPrincipal Methods” on page 823.<br />

Propagating Security Identity<br />

You can specify whether a caller’s security identity should be used for the execution of specified<br />

methods of an enterprise bean, or whether a specific run-as identity should be used.<br />

Figure 29–2 illustrates this concept.<br />

FIGURE 29–2 Security Identity Propagation<br />

Application Client<br />

or Web Client<br />

Initiating<br />

Client<br />

<strong>Java</strong> <strong>EE</strong> Security<br />

Identity<br />

EJB<br />

or Web Container EJB Container<br />

Intermediate Target<br />

Propagated<br />

Security Identity<br />

(<strong>Java</strong> <strong>EE</strong>)<br />

In this illustration, an application client is making a call to an enterprise bean method in one<br />

EJB container. This enterprise bean method, in turn, makes a call to an enterprise bean method<br />

in another container. <strong>The</strong> security identity during the first call is the identity of the caller. <strong>The</strong><br />

security identity during the second call can be any of the following options:<br />

■ By default, the identity of the caller of the intermediate component is propagated to the<br />

target enterprise bean. This technique is used when the target container trusts the<br />

intermediate container.<br />

■ A specific identity is propagated to the target enterprise bean. This technique is used when<br />

the target container expects access using a specific identity.<br />

To propagate an identity to the target enterprise bean, configure a run-as identity for the<br />

bean as discussed in “Configuring a Component’s Propagated Security Identity” on<br />

page 811.<br />

Establishing a run-as identity for an enterprise bean does not affect the identities of its<br />

callers, which are the identities tested for permission to access the methods of the enterprise<br />

bean. <strong>The</strong> run-as identity establishes the identity that the enterprise bean will use when it<br />

makes calls.<br />

<strong>The</strong> <strong>Java</strong> <strong>EE</strong> 5<strong>Tutorial</strong> • June 2010

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!