Principals and Roles, Users and Groups

Dan Johnsson authenticates to the system (using his login name and password) and is now represented by an instance of type Principal. In a vendor-specific way, the Deployer has told the EJB application that Dan’s Principal is associated with one or more roles. So whenever Dan, as the client, calls a method on one of the bean’s client interfaces, his Principal (and the roles to which that Principal has been assigned) propagates with the call. That means every call on the (conceptual) call stack will see Dan’s Principal as the caller.

In EJB

  1. Principal

    The client, authenticated to the system, is represented by a java.security.Principal object. This Principal is an abstract representation of something associated with a name, but there’s no guarantee that the Principal name matches the login name of the client. It all depends on how your system handles security authentication. And don’t be too attached to thinking that a Principal is always a unique individual. Sometimes a Principal represents a larger group like, say, SysAdmin. The Principal is associated with one or more abstract security roles that the App Assembler defined. About the only useful thing a bean can do with a Principal object is get its name (aPrincipal.getName()), but that’s risky, because you won’t be able to know exactly what that name represents unless you know the exact environment in which the bean is running. Yuck.

    abstract actor in the system (usually maps to a person)

  2. Role
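Here is an added example (not code from Head First EJB) of how a bean sees the caller's Principal and roles at runtime. It uses EJB 3 annotations rather than the deployment descriptor; the bean name PayrollBean, the method names and the role names Clerk and SysAdmin are assumptions made for the example. The point it makes is the one above: asking the Principal for its name is about all you can do with it, and the name's meaning depends on the container and realm, so access decisions belong on the abstract roles the App Assembler defined and the Deployer mapped, not on the name string.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean and role names; they are assumptions for this example,
// not names from the book. The roles are the abstract ones the App Assembler
// declares; the Deployer maps real Principals (Dan's, say) onto them.
@Stateless
@DeclareRoles({"Clerk", "SysAdmin"})
public class PayrollBean {

    // The container injects the context through which the bean sees the caller.
    @Resource
    private SessionContext ctx;

    // Declarative check: the container refuses callers whose Principal is not
    // mapped to one of these roles, before the method body ever runs.
    @RolesAllowed({"Clerk", "SysAdmin"})
    public String whoIsCalling() {
        Principal caller = ctx.getCallerPrincipal();
        // getName() is about the only useful call on a Principal. What the
        // string means (login name? group like "SysAdmin"? certificate subject?)
        // depends on the realm the container authenticated against, so never
        // decide access with something like caller.getName().equals("dan").
        return caller.getName();
    }

    @RolesAllowed({"Clerk", "SysAdmin"})
    public void adjustSalary(long employeeId, long delta) {
        // Programmatic check against the abstract role, not the Principal name:
        // the role survives a move to another container or realm where the
        // login names differ, while a hard-coded name does not.
        if (Math.abs(delta) > 10_000 && !ctx.isCallerInRole("SysAdmin")) {
            throw new EJBAccessException(
                "large adjustments require the SysAdmin role; caller was "
                + ctx.getCallerPrincipal().getName());
        }
        // ... apply the adjustment here. Any further bean calls made from this
        // method carry the same caller Principal down the call stack, so the
        // downstream beans see Dan as the caller too.
    }
}
```

Whether Dan's Principal ends up in Clerk or SysAdmin is decided entirely outside this code, in the vendor-specific mapping the Deployer supplies; the bean only ever consults the role.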
