EJB Security and J2SE Access Control

As an attentive reader, you must have noticed the semantic similarity between the Java policy files used by JAAS and the portions of a bean deployment descriptor that specify method-level access control. The former grants certain permissions based on, among other things, the identity of the current user (the Principals in its Subject), and is enforced by the Security Manager. The latter specifies permission to invoke certain methods based on the identity of the current user (expressed as security roles) and is enforced by the EJB container. How are these two mechanisms different, besides the obvious difference in syntax?
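To make the two declarative forms concrete, here is an added example (not code from the book) that puts the same "who is calling?" decision under both mechanisms: the container-enforced method permission from ejb-jar.xml, seen from inside the bean through SessionContext, and the Security Manager-enforced policy grant, seen through AccessController while running under Subject.doAsPrivileged. The bean name PayrollBean, the role payroll-admin, the principal class com.example.RolePrincipal and the property payroll.db.url are hypothetical names chosen for illustration.

```java
// Added example (not from the book): the same access decision expressed under
// both mechanisms the text compares. Class, role and property names are hypothetical.
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.PropertyPermission;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.security.auth.Subject;

public class PayrollBean implements SessionBean {
    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }

    // 1. Container-enforced. The deployer declares in ejb-jar.xml:
    //      <method-permission>
    //        <role-name>payroll-admin</role-name>
    //        <method><ejb-name>PayrollBean</ejb-name><method-name>raiseSalary</method-name></method>
    //      </method-permission>
    //    The container checks the caller's roles before this method body runs.
    //    The programmatic calls below expose the same container-held identity to the bean.
    public void raiseSalary(String employee, double pct) {
        Principal caller = ctx.getCallerPrincipal();      // identity as authenticated by the container
        if (!ctx.isCallerInRole("payroll-admin")) {        // role name as mapped by the deployer
            throw new SecurityException(caller.getName() + " is not in role payroll-admin");
        }
        // ... update the salary record for 'employee' ...
    }

    // 2. Security Manager-enforced. A JAAS policy file grant such as
    //      grant Principal com.example.RolePrincipal "payroll-admin" {
    //        permission java.util.PropertyPermission "payroll.db.url", "read";
    //      };
    //    is consulted by AccessController for code running under Subject.doAsPrivileged.
    //    What is checked here is a Permission attached to a Principal in the Subject,
    //    not an EJB security role, and the container plays no part in the decision.
    public static String readDbUrl(Subject subject) {
        return (String) Subject.doAsPrivileged(subject, new PrivilegedAction() {
            public Object run() {
                // Explicit check; System.getProperty performs the same check when a
                // SecurityManager is installed, the call is kept to show the decision point.
                AccessController.checkPermission(
                    new PropertyPermission("payroll.db.url", "read"));
                return System.getProperty("payroll.db.url");
            }
        }, null);
    }

    // Lifecycle callbacks required by the SessionBean contract (no-ops here).
    public void ejbCreate() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
    public void ejbRemove() {}
}
```

Note that the two checks consult different stores of identity: isCallerInRole asks the container about roles it mapped at deployment, whereas checkPermission asks the policy about Permissions granted to Principals in the Subject the caller ran under. Whether and how the container populates one from the other is exactly the question the section goes on to pose.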

Let us understand this relationship by answering the following question.

Is the identity returned by getCallerPrincipal() in a bean related to the Subject associated ...

Source: J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice (O'Reilly).