[CONF] OpenEJB 3.0.x documentation > Basics - Security

[confluence]

Basics - Security Page edited by Trenton D. Adams This section is under construction, please check back later. Related Documents Security - login module configuration Security Annotations - EJB3 related annotation based security. Server Side Security There's a few things that should be noted about security from the server side perspective. Security Propagation Note, this is partially documented in the EJB 3 spec section 14.8.1.1. Once a remote bean has been instantiated, from within the container, it inherits the entire security context, and all roles will be inherited the same as the method where the bean is being looked up. Creating a new InitialContext with the default constructor will inherit the security context (user, roles, etc), thereby propagating the security through to any server EJB that is looked up using that InitialContext. No properties are required for the InitialContext. For example, here is an EJB that returns another bean, through a remote method call. In this case, the OtherBean instance, will have the same security as MyBean, including the principal (username), roles, etc. import javax.ejb.EJB; import javax.naming.InitialContext; @EJB(name = "otherBean", beanInterface = IOtherBean.class) public class MyBean { public IOtherBean getOtherBean() { InitialContext context = new InitialContext(); return (IOtherBean) context.lookup("java:comp/env/otherBean"); } } Change Notification Preferences View Online | View Change | Add Comment