Accessing an Enterprise Bean
Accessing an Enterprise Bean
Although transparent to the application developer, the EJB container provides system-level
services such as transactions and security to its enterprise beans. These services enable you to
quickly build and deploy enterprise beans, which form the core of transactional Java EE
applications.
The following sections describe declarative and programmatic security mechanisms that can be
used to protect enterprise bean resources. The protected resources include methods of
enterprise beans that are called from application clients, web components, or other enterprise
beans. This section assumes that you have read
and
before starting this section.
You can protect enterprise beans by doing the following:
Two example applications demonstrate adding security to enterprise beans. These example
applications are discussed in the following sections:
You should also read JSR-220: Enterprise JavaBeans 3.0 for more information on this topic. This
document can be downloaded from
this specification, Security Management, discusses security management for enterprise beans.
Accessing an Enterprise Bean Caller's Security Context
In general, security management should be enforced by the container in a manner that is
transparent to the enterprise beans' business methods. The security API described in this
section should be used only in the less frequent situations in which the enterprise bean business
methods need to access the security context information.
Securing Enterprise Beans
Chapter 29 · Securing Java EE Applications
799