If an Handle is saved and passed to another application or was stolen,
With the handle one can call getEJBObject and narrow it to a specific component
interface.
EJB spec does says that the any attemp to invoke a method on the obtained ejb is subject to the security check.
My question is which PRINCIPAL the ejb container will try to check against. The process to obtain such a EJBObject does not involves programmatically passing any new caller's credentil to container. Does this indicate that it is the oringal principal who created the handle object will be recognized by the container? Is so,whomever got the handle will be able to invoke ejb method on behalf of the creator of the handle.
For me this demonstrate both a security hole or a extended security model for ejb clients.
Any idea?
Thanks,
Thanks,<br />Jack Zhou<br />SCJP, SCJD, SCWCD, SCBCD, SCDJWS,SCEA