Security Changes

Access to an enterprise bean's methods can be restricted declaratively by assigning method permissions in the deployment descriptor. These permissions define the security roles that may call particular methods. It's also possible to enforce restrictions or modify a bean's behavior programmatically using calls to the isCallerInRole method of the EJBContext. These EJB security characteristics are unchanged from EJB 1.1. What's different is the control you have over the security identity associated with a call.

Prior to EJB 2.0, the principal associated with a caller was always the security identity checked to determine whether a particular EJB method could be called. EJB 2.0 also allows you to include an entry in the deployment descriptor that specifies a security principal to be associated with all calls made by an enterprise bean, in place of the caller's security identity. A client must still have any permissions required to call a particular bean's method. However, you can specify a principal that applies to any calls that bean makes to other methods (or beans). This option gives the application assembler greater control over how method restrictions on an enterprise bean affect the behavior of an application.
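
A deployment descriptor that combines the two mechanisms described above, as an added example that is not taken from the book: method permissions decide who may call each bean, and a run-as entry sets the identity used for the calls that bean makes. It uses the element names of the final EJB 2.0 DTD, in which the run-as entry names a role that the deployer maps to a principal. All bean, class and role names are hypothetical.

```xml
<!DOCTYPE ejb-jar PUBLIC
  "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
  "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<!-- Added example: every bean, class and role name below is hypothetical. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>OrderDesk</ejb-name>
      <home>example.OrderDeskHome</home>
      <remote>example.OrderDesk</remote>
      <ejb-class>example.OrderDeskBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- Calls that OrderDesk makes to other beans run as audit-writer,
           not as the clerk who invoked OrderDesk. -->
      <security-identity>
        <run-as><role-name>audit-writer</role-name></run-as>
      </security-identity>
    </session>
    <session>
      <ejb-name>AuditLog</ejb-name>
      <home>example.AuditLogHome</home>
      <remote>example.AuditLog</remote>
      <ejb-class>example.AuditLogBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>clerk</role-name></security-role>
    <security-role><role-name>audit-writer</role-name></security-role>
    <!-- The client's own identity is still checked on entry to OrderDesk. -->
    <method-permission>
      <role-name>clerk</role-name>
      <method>
        <ejb-name>OrderDesk</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
    <!-- clerk is not listed: AuditLog is reachable only through OrderDesk. -->
    <method-permission>
      <role-name>audit-writer</role-name>
      <method>
        <ejb-name>AuditLog</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

When reviewing a descriptor like this, treat the run-as role as a privilege grant to every caller of the bean that carries it: anyone permitted to call OrderDesk can cause AuditLog calls under audit-writer, so the run-as role should hold only the permissions those downstream calls need.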

For more information on specifying a security principal, see "Using Security with Enterprise JavaBeans and J2EE," p. 399.



Special Edition Using Enterprise JavaBeans 2.0
ISBN: 0789725673
EAN: 2147483647
Year: 2000
Pages: 223
