This section is under construction, please check back later.
Security - login module configuration Security Annotations - EJB3 related annotation based security.
There's a few things that should be noted about security from the server side perspective.
Note, this is partially documented in the EJB 3 spec section 14.8.1.1.
InitialContext
, or via injection, will inherit
the security context (user, roles, etc), thereby propagating the security
through to any container bean in the chain of method calls.InitialContext
, and you MUST be
calling the no args constructor only. There are documents elsewhere that
describe using the OpenEJB initial context factories and such, with
usernames and passwords, etc; it should be noted that this method of using
the factories is OpenEJB specific, to facilitate non-standard clients not
running in an EJB container, etc.For example, here is an EJB that returns another bean, through a remote method call. In this case, the OtherBean instance, will have the same security as MyBean, including the principal (username), roles, etc.
import javax.ejb.EJB;
import javax.naming.InitialContext;
@EJB(name = "otherBean", beanInterface = IOtherBean.class)
public class MyBean
{
public IOtherBean getOtherBean()
{
InitialContext context = new InitialContext();
return (IOtherBean) context.lookup("java:comp/env/otherBean");
}
}