Accessing Unprotected Enterprise Beans


In the Application Server, you must specify the name and password that an unauthenticated
user will use to log in. Set these values in the Admin Console:
1. Start the Application Server, then the Admin Console.
2. Expand the Configuration node.
3. Select the Security node.
4. On the Security page, set the Default Principal and Default Principal Password values.

Accessing Unprotected Enterprise Beans

If the deployer has granted full access to a method, any user or group can invoke the method.
Conversely, the deployer can deny access to a method.
To modify which role can be used in applications to grant authorization to anyone, specify a
value for Anonymous Role. To set the Anonymous Role field, follow these steps:
1. Start the Application Server, then the Admin Console.
2. Expand the Configuration node.
3. Select the Security node.
4. On the Security page, specify the Anonymous Role value.
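
The full-access and denied-access cases described above, written with the standard Java EE security annotations. This is an added example, not code from the tutorial; the Account interface, AccountBean, its methods and the "teller" role are hypothetical names.

```java
// ---- Account.java (hypothetical business interface) ----
package example;

import javax.ejb.Local;

@Local
public interface Account {
    String branchHours();
    String whoAmI();
    void purge(String accountId);
}

// ---- AccountBean.java (hypothetical bean; "teller" is a constructed role) ----
package example;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles("teller")
@RolesAllowed("teller") // class default: every method needs the role unless overridden
public class AccountBean implements Account {

    @Resource
    private SessionContext ctx;

    // Full access: any user or group can invoke this method.
    // Assumption: a caller that never logged in appears here under the
    // Default Principal configured on the Security page.
    @PermitAll
    public String branchHours() {
        return "09:00-17:00, asked by " + ctx.getCallerPrincipal().getName();
    }

    // No method-level annotation: the class-level @RolesAllowed("teller") applies.
    public String whoAmI() {
        return ctx.getCallerPrincipal().getName();
    }

    // Access denied: no caller, in any role, can invoke this method.
    @DenyAll
    public void purge(String accountId) {
        throw new UnsupportedOperationException("disabled");
    }
}
```

Putting the role requirement on the class and opening individual methods with @PermitAll means a method added later is protected by default rather than reachable by any caller.
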
Enterprise Bean Example Applications

The following example applications demonstrate adding security to enterprise beans
applications:
- "Example: Securing an Enterprise Bean" on page 820 demonstrates adding basic login
  authentication to an enterprise bean application.
- "Example: Using the isCallerInRole and getCallerPrincipal Methods" on page 826
  demonstrates the use of the getCallerPrincipal() and isCallerInRole(String role)
  methods.
- "Discussion: Securing the Duke's Bank Example" on page 831 provides a brief discussion of
  how the Duke's Bank example provides security in that application.

Example: Securing an Enterprise Bean

This section discusses how to configure an enterprise bean for username-password
authentication. When a bean that is constrained in this way is requested, the server requests a
user name and password from the client and verifies that the user name and password are valid
by comparing them against a database of authorized users on the Application Server.
If the topic of authentication is new to you, please refer to the section titled
"Specifying an Authentication Mechanism" on page 858.
The Java EE 5 Tutorial · September 2007
820