Accessing an Enterprise Bean

Although transparent to the application developer, the EJB container provides system-level
services such as transactions and security to its enterprise beans. These services enable you to
quickly build and deploy enterprise beans, which form the core of transactional Java EE
applications.
The following sections describe declarative and programmatic security mechanisms that can be
used to protect enterprise bean resources. The protected resources include methods of
enterprise beans that are called from application clients, web components, or other enterprise
beans. This section assumes that you have read Chapter 20, "Enterprise Beans" and Chapter 21,
"Getting Started with Enterprise Beans" before starting this section.
You can protect enterprise beans by doing the following:
"Accessing an Enterprise Bean Caller's Security Context"
"Declaring Security Role Names Referenced from Enterprise Bean Code"
"Defining a Security View of Enterprise Beans"
"Using Enterprise Bean Security Annotations"
"Using Enterprise Bean Security Deployment Descriptor Elements"
"Configuring IOR Security"
"Deploying Secure Enterprise Beans"
Two example applications demonstrate adding security to enterprise beans. These example
applications are discussed in the following sections:
"Example: Securing an Enterprise Bean"
"Example: Using the isCallerInRole and getCallerPrincipal Methods"
You should also read JSR-220: Enterprise JavaBeans 3.0 for more information on this topic. This
document can be downloaded from http://jcp.org/en/jsr/detail?id=220. Chapter 16 of
this specification, Security Management, discusses security management for enterprise beans.
Accessing an Enterprise Bean Caller's Security Context
In general, security management should be enforced by the container in a manner that is
transparent to the enterprise beans' business methods. The security API described in this
section should be used only in the less frequent situations in which the enterprise bean business
methods need to access the security context information.
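The following sketch is an added example, not code from the tutorial. It shows one of the less frequent situations described above: the container enforces a declarative role check, and the business method consults the caller's security context only for a per-record rule that roles cannot express. The bean, interface, and role names, the sample data, and the assumption that the caller principal's name equals the employee ID are all hypothetical.

```java
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical business interface; the bean's single interface is its local view.
interface SalaryLookup {
    int getSalary(String employeeId);
}

@Stateless
@DeclareRoles({"employee", "manager"})   // role names referenced from bean code
public class SalaryBean implements SalaryLookup {

    // Container-injected handle to the caller's security context.
    @Resource
    private SessionContext ctx;

    // Constructed sample data standing in for a persistence layer.
    private static final Map<String, Integer> SALARIES =
            new ConcurrentHashMap<String, Integer>();
    static {
        SALARIES.put("alice", 70000);
        SALARIES.put("bob", 65000);
    }

    // Declarative check: the container rejects callers that hold neither
    // role before the method body runs.
    @RolesAllowed({"employee", "manager"})
    public int getSalary(String employeeId) {
        Principal caller = ctx.getCallerPrincipal();

        // Programmatic check: managers may read any record, employees only
        // their own. Assumes the principal name is the employee ID.
        boolean isManager = ctx.isCallerInRole("manager");
        boolean isOwner = caller.getName().equals(employeeId);
        if (!isManager && !isOwner) {
            throw new EJBAccessException("caller may not read this record");
        }

        // Looked up only after authorization, so a caller who is not allowed
        // to read a record cannot learn whether the ID exists.
        Integer salary = SALARIES.get(employeeId);
        if (salary == null) {
            throw new IllegalArgumentException("unknown employee");
        }
        return salary.intValue();
    }
}
```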
Securing Enterprise Beans
Chapter 29 · Securing Java EE Applications