14.4. EJB Application Security
14.4.1. Security Identity
14.4.1.1. About EJB Security Identity
The security identity, which is also known as invocation identity, refers to the <security-identity> tag in the security configuration. It refers to the identity another EJB must use when it invokes methods on components.
The invocation identity can be either the current caller, or it can be a specific role. In the first case, the <use-caller-identity> tag is present, and in the second case, the <run-as> tag is used.
For information about setting the security identity of an EJB, refer to Section 14.4.1.2, “Set the Security Identity of an EJB”.
14.4.1.2. Set the Security Identity of an EJB
Example 14.5. Set the security identity of an EJB to be the same as its caller
This example sets the security identity for method invocations made by an EJB to be the same as the current caller's identity. This behavior is the default if you do not specify a <security-identity> element declaration.
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>ASessionBean</ejb-name>
      <!-- ... -->
      <security-identity>
        <use-caller-identity/>
      </security-identity>
    </session>
    <!-- ... -->
  </enterprise-beans>
</ejb-jar>
Example 14.6. Set the security identity of an EJB to a specific role
To set the security identity to a specific role, use the <run-as> and <role-name> tags inside the <security-identity> tag.
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>RunAsBean</ejb-name>
      <!-- ... -->
      <security-identity>
        <run-as>
          <description>A private internal role</description>
          <role-name>InternalRole</role-name>
        </run-as>
      </security-identity>
    </session>
  </enterprise-beans>
  <!-- ... -->
</ejb-jar>
By default, when you use <run-as>, a principal named anonymous is assigned to outgoing calls. To assign a different principal, use the <run-as-principal> element.
<session>
  <ejb-name>RunAsBean</ejb-name>
  <security-identity>
    <run-as-principal>internal</run-as-principal>
  </security-identity>
</session>
Note
You can also use the <run-as> and <run-as-principal> elements inside a servlet element.
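The following added example (not part of the original documentation) audits a deployment descriptor and reports which identity each bean presents on outgoing calls, applying the rules above: caller identity when <run-as> is absent, otherwise the declared role with the principal anonymous unless a <run-as-principal> is supplied. The function names, the sample descriptor and the NoIdentityBean name are assumptions made for illustration; the <run-as-principal> fragment is passed as a second input in the form shown above.

```python
import xml.etree.ElementTree as ET

BEAN_TAGS = {"session", "entity", "message-driven"}

# Constructed sample descriptor; NoIdentityBean is a hypothetical bean name.
EJB_JAR = """<ejb-jar><enterprise-beans>
  <session><ejb-name>ASessionBean</ejb-name>
    <security-identity><use-caller-identity/></security-identity></session>
  <session><ejb-name>RunAsBean</ejb-name>
    <security-identity><run-as><role-name>InternalRole</role-name></run-as>
    </security-identity></session>
  <session><ejb-name>NoIdentityBean</ejb-name></session>
</enterprise-beans></ejb-jar>"""

# The <run-as-principal> fragment in the form shown above.
PRINCIPALS = """<session><ejb-name>RunAsBean</ejb-name>
  <security-identity><run-as-principal>internal</run-as-principal>
  </security-identity></session>"""

def local(tag):
    """Drop any XML namespace so plain and namespaced descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def find(elem, name):
    """First element at or below elem with the given local name, else None."""
    return next((e for e in elem.iter() if local(e.tag) == name), None)

def beans(xml_text):
    """Yield (ejb-name, element) for every bean declaration in the text."""
    for e in ET.fromstring(xml_text).iter():
        if local(e.tag) in BEAN_TAGS:
            yield find(e, "ejb-name").text.strip(), e

def security_identities(ejb_jar_xml, principal_xml=None):
    """Map ejb-name -> (mode, run-as role, principal on outgoing calls)."""
    overrides = {}
    for name, bean in beans(principal_xml) if principal_xml else ():
        principal = find(bean, "run-as-principal")
        if principal is not None:
            overrides[name] = principal.text.strip()
    result = {}
    for name, bean in beans(ejb_jar_xml):
        run_as = find(bean, "run-as")
        if run_as is None:  # <use-caller-identity/> or no declaration at all
            result[name] = ("caller", None, None)
        else:  # outgoing calls carry the role; the principal defaults to anonymous
            role = find(run_as, "role-name").text.strip()
            result[name] = ("run-as", role, overrides.get(name, "anonymous"))
    return result
```

Beans reported as run-as are the ones worth reviewing, because every call they make downstream is authorized against the declared role rather than the original caller.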