[CONF] OpenEJB 3.0.x documentation > Basics - Security

[confluence]

Basics - Security Page edited by Trenton D. Adams This section is under construction, please check back later. Related Documents Security - login modules Security Annotations - EJB3 related annotation based security. Server Side Security There's a few things that should be noted about security from the server side perspective. Security Propagation Note, this is partially documented in the EJB 3 spec section 14.8.1.1. Once a remote bean has been instantiated, it inherits the entire security context, and all roles will be applied as the user that was authenticated Creating a new InitialContext with the default constructor will inherit the security context (user, roles, etc), thereby propagating the security through to any server EJB that is looked up using that InitialContext. No properties are required for the InitialContext. For example, here is an EJB that returns another bean, through a remote method call. If this bean was looked up using an authenticated InitialContext, the OtherBean instance, will have the same security as MyBean, including the principal (username), roles, etc. import javax.ejb.EJB; import javax.naming.InitialContext; @EJB(name = "otherBean", beanInterface = IOtherBean.class) public class MyBean { public IOtherBean getOtherBean() { InitialContext context = new InitialContext(); return (IOtherBean) context.lookup("java:comp/env/otherBean"); } } Change Notification Preferences View Online | View Change | Add Comment