Why and when to perform this task
Programmatic security is used by security-aware applications when declarative security alone cannot express the security model of the application. The javax.ejb.EJBContext interface provides two methods, getCallerPrincipal() and isCallerInRole(), with which the bean provider can obtain security information about the caller of the enterprise bean. You can enable a login module to indicate which principal class is returned by these calls.
When the isCallerInRole() method is used, declare a security-role-ref element in the deployment descriptor with a role-name subelement that contains the role name passed to this method. Because the actual roles are created during the assembly stage of the application, you can use a logical role as the role name and provide enough hints in the description of the security-role-ref element for the assembler to link that logical role to the actual role. During assembly, the assembler creates a role-link subelement that links the role-name to the actual role. You can create the security-role-ref element with a development tool such as Rational Web Developer, or during the assembly stage with an assembly tool.
Steps for this task
Result
A programmatically secured EJB application.
Example
Security-role-ref element as declared by the bean provider, before assembly:
<security-role-ref>
  <description>Provide hints to assembler for linking this role-name to
  actual role here</description>
  <role-name>Mgr</role-name>
</security-role-ref>
The same element after the assembler has added the role-link to the actual role:
<security-role-ref>
  <description>Hints provided by developer to map role-name to role-link</description>
  <role-name>Mgr</role-name>
  <role-link>Manager</role-link>
</security-role-ref>
public class aSessionBean implements SessionBean {
    .....
    // SessionContext extends EJBContext. If it is an entity bean, use EntityContext
    javax.ejb.SessionContext context;

    // The following method is called by the EJB container automatically
    public void setSessionContext(javax.ejb.SessionContext ctx) {
        context = ctx; // save the session bean's context
    }
    ....
    private void aBusinessMethod() {
        ....
        // get the bean's caller using getCallerPrincipal()
        java.security.Principal principal = context.getCallerPrincipal();
        String callerId = principal.getName();
        // check whether the bean's caller is granted the Mgr role
        boolean isMgr = context.isCallerInRole("Mgr");
        // use the above information in any way needed by the application
        ....
    }
    ....
}
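The following is an added example, not code from the original page or from WebSphere itself, showing how the two EJBContext calls are typically combined into a fail-closed authorization check inside a business method. The bean name PayrollBean, the method approveRaise(), the constant ROLE_MGR and the separation-of-duties rule are assumptions made for illustration; the EJB 2.x SessionBean and SessionContext APIs it uses are the ones the page describes. It assumes a security-role-ref for the logical role Mgr like the one shown above, linked by the assembler to an actual role.

```java
import java.security.Principal;
import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

/**
 * Added example (not from the original page): a stateless session bean that
 * combines declarative and programmatic security. The method-permission
 * element in ejb-jar.xml decides who may call approveRaise() at all; the
 * programmatic checks below add rules declarative security cannot express:
 * only a caller in the logical "Mgr" role may approve a raise, and nobody may
 * approve a raise for themselves. "Mgr" is assumed to be declared as a
 * security-role-ref of this bean and linked by the assembler to a real role.
 */
public class PayrollBean implements SessionBean {

    /** Logical role name; must match <role-name> in the security-role-ref. */
    private static final String ROLE_MGR = "Mgr";

    private SessionContext context;

    // Called by the container once, before any business method.
    public void setSessionContext(SessionContext ctx) {
        this.context = ctx;
    }

    // EJB 2.x lifecycle callbacks required by SessionBean (stateless, so empty).
    public void ejbCreate() throws CreateException { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }

    /**
     * Business method. Returns the identity of the approver on success and
     * throws EJBException (a system exception, so the container rolls back
     * any enclosing container-managed transaction) on any authorization failure.
     */
    public String approveRaise(String employeeId, int amount) {
        if (amount <= 0) {
            throw new IllegalArgumentException("amount must be positive");
        }
        String caller = requireCaller();

        // Fail closed: anything other than an explicit "true" from
        // isCallerInRole() is treated as a denial. If the logical role name is
        // not declared and linked in the deployment descriptor, the result is
        // container-dependent, so this check must never be the only gate.
        if (!context.isCallerInRole(ROLE_MGR)) {
            deny(caller, "caller not in role " + ROLE_MGR);
        }
        // Separation of duties: a rule the deployment descriptor cannot express.
        if (caller.equals(employeeId)) {
            deny(caller, "self-approval of employee " + employeeId);
        }
        // ... persist the approval here ...
        return caller;
    }

    /**
     * Returns the caller id. Which principal the container returns for an
     * unauthenticated caller is container-specific, so a non-null principal
     * is not by itself proof of authentication; the role check above is.
     */
    private String requireCaller() {
        Principal p = context.getCallerPrincipal();
        if (p == null || p.getName() == null) {
            throw new EJBException("no caller principal available");
        }
        return p.getName();
    }

    private void deny(String caller, String reason) {
        // Audit trail for security operations; the message carries no secrets.
        System.err.println("DENY approveRaise caller=" + caller + " reason=" + reason);
        throw new EJBException("access denied");
    }
}
```

Keep the role name used in isCallerInRole() identical to the role-name subelement of the security-role-ref; a typo in either silently turns the check into a permanent denial (or, on some containers, an undefined result) rather than a deployment error.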
What to do next
After developing an application, use an assembly tool to create roles and to link the actual roles to role names in the security-role-ref elements. For more information, see Securing enterprise bean applications.
Related tasks
Securing enterprise bean applications
Related reference
Security: Resources for learning