J2EE™ Developer's Guide
Security
Some applications have special security requirements. For example, an application might make authorization decisions based on the time of day, the parameters of a call, or the internal state of an enterprise bean. Another application might restrict access based on user information stored in a database. If your application has special security requirements, you may want to take advantage of the APIs described in the following sections.
The getCallerPrincipal method of the EJBContext interface returns the java.security.Principal object that identifies the caller of the enterprise bean. (In this case, a principal is the same as a user.) In the following example, the getUser method of an enterprise bean returns the name of the J2EE user that invoked it:

    // Returns the name of the J2EE user that invoked this bean.
    public String getUser() {
        return context.getCallerPrincipal().getName();
    }
    . . .
    // The container supplies the SessionContext; keep it for later security calls.
    public void setSessionContext(SessionContext context) {
        this.context = context;
    }

To determine the caller of a servlet, you invoke the getUserPrincipal method.
To determine the caller's role for an enterprise bean, you invoke the isCallerInRole method:

    boolean result = context.isCallerInRole("Customer");

You should declare the coded name (Customer) in the Security dialog box of the New Enterprise Bean wizard of the Application Deployment Tool. When you are ready to deploy the application, you must link the coded name with a role name. For example, to link the Customer coded name with the Buyer role name, you would follow these steps:
1. Select the Security tabbed pane of the enterprise bean.
2. If the Customer entry does not appear in the Coded Name column, click Add and enter Customer in that column.
3. If the Buyer role name is not listed in the Method Permissions table, click Edit Roles and add Buyer in the Editing Roles dialog box.
4. Go to the table at the top of the Security tabbed pane and locate the row that lists Customer in the Coded Name column. In that row, select Buyer from the Role Name combo box.
Because a coded name is linked to a role name, you may change the role name later on without having to change the coded name. For example, if you were to change the role name from Buyer to Shopper, you wouldn't have to change the Customer name in the code. However, you would have to relink the Customer coded name to the Shopper role name.
To determine the caller's role for a servlet, you invoke the isUserInRole method.
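The case from the introduction, an authorization decision based on the caller's role, the parameters of a call and the time of day, as an added example that is not from the guide. The decision is kept in a plain method so it runs without a container; the class name, the accountOwner parameter and the business-hours window are assumptions, and the sample callers are constructed.

```java
import java.security.Principal;
import java.time.LocalTime;

public class OrderAccessPolicy {
    // Hypothetical business-hours window (assumption, not from the guide).
    static final LocalTime OPEN = LocalTime.of(8, 0);
    static final LocalTime CLOSE = LocalTime.of(18, 0);

    /*
     * Inside an enterprise bean this would be called as:
     *   mayPlaceOrder(context.getCallerPrincipal(),
     *                 context.isCallerInRole("Customer"),
     *                 accountOwner, LocalTime.now());
     */
    static boolean mayPlaceOrder(Principal caller, boolean inCustomerRole,
                                 String accountOwner, LocalTime now) {
        // Fail closed when any input needed for the decision is missing.
        if (caller == null || caller.getName() == null || accountOwner == null) {
            return false;
        }
        // Role check: the result of isCallerInRole on the coded name.
        if (!inCustomerRole) {
            return false;
        }
        // Parameter check: a caller may only act on their own account.
        if (!caller.getName().equals(accountOwner)) {
            return false;
        }
        // Time-of-day check: OPEN is inclusive, CLOSE is exclusive.
        return !now.isBefore(OPEN) && now.isBefore(CLOSE);
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";  // constructed sample caller
        LocalTime noon = LocalTime.of(12, 0);
        // Own account, in role, during hours
        System.out.println(mayPlaceOrder(alice, true, "alice", noon));
        // Someone else's account
        System.out.println(mayPlaceOrder(alice, true, "bob", noon));
        // Caller not in the Customer role
        System.out.println(mayPlaceOrder(alice, false, "alice", noon));
        // Outside the business-hours window
        System.out.println(mayPlaceOrder(alice, true, "alice", LocalTime.of(23, 0)));
    }
}
```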