10.12.2012 Views

The Java EE 5 Tutorial (PDF) - Oracle Software Downloads

The Java EE 5 Tutorial (PDF) - Oracle Software Downloads

The Java EE 5 Tutorial (PDF) - Oracle Software Downloads

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

Securing Enterprise Beans<br />

810<br />

Both example applications demonstrate security role mapping. For more information, see<br />

“Example: Securing an Enterprise Bean” on page 818 and “Example: Using the isCallerInRole<br />

and getCallerPrincipal Methods” on page 823.<br />

Propagating Security Identity<br />

You can specify whether a caller’s security identity should be used for the execution of specified<br />

methods of an enterprise bean, or whether a specific run-as identity should be used.<br />

Figure 29–2 illustrates this concept.<br />

FIGURE 29–2 Security Identity Propagation<br />

Application Client<br />

or Web Client<br />

Initiating<br />

Client<br />

<strong>Java</strong> <strong>EE</strong> Security<br />

Identity<br />

EJB<br />

or Web Container EJB Container<br />

Intermediate Target<br />

Propagated<br />

Security Identity<br />

(<strong>Java</strong> <strong>EE</strong>)<br />

In this illustration, an application client is making a call to an enterprise bean method in one<br />

EJB container. This enterprise bean method, in turn, makes a call to an enterprise bean method<br />

in another container. <strong>The</strong> security identity during the first call is the identity of the caller. <strong>The</strong><br />

security identity during the second call can be any of the following options:<br />

■ By default, the identity of the caller of the intermediate component is propagated to the<br />

target enterprise bean. This technique is used when the target container trusts the<br />

intermediate container.<br />

■ A specific identity is propagated to the target enterprise bean. This technique is used when<br />

the target container expects access using a specific identity.<br />

To propagate an identity to the target enterprise bean, configure a run-as identity for the<br />

bean as discussed in “Configuring a Component’s Propagated Security Identity” on<br />

page 811.<br />

Establishing a run-as identity for an enterprise bean does not affect the identities of its<br />

callers, which are the identities tested for permission to access the methods of the enterprise<br />

bean. <strong>The</strong> run-as identity establishes the identity that the enterprise bean will use when it<br />

makes calls.<br />

<strong>The</strong> <strong>Java</strong> <strong>EE</strong> 5<strong>Tutorial</strong> • June 2010

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!