
Principals??

 
Marco Lombardo
Ranch Hand
Posts: 71
In an answer to a question I found: 'Deployer assigns principals to the security roles'.
But what are Principals?
 
Roger Chung-Wee
Ranch Hand
Posts: 1683
A Principal, and the identity or identities of the Principal, are established as a result of the authentication process; the Principal represents the user in the application during further requests. The Java platform specifies two solutions for user authentication to the servers: JAAS (for any Java-based application) and servlets (for web applications).

It may be useful at this stage to understand that EJB security is all about authorisation, not authentication. So, any authentication is always done before a request hits an EJB server.

The java.security.Principal object represents a user's identity. This user object carries only username information, not roles or any additional attributes about the logged-on user. For EJB applications, Principals are associated with callers' requests in server-specific ways. The J2EE specifications require that, for all EJBs in a call chain within the same application, the same identity must be returned for all calls to EJBContext.getCallerPrincipal, and this should be the same identity as in HttpServletRequest.getUserPrincipal if that is not null. Whereas the servlet specifications do allow a null Principal to be returned, the EJB specifications explicitly state that a non-null object must be returned at all times, even to represent an unauthenticated user.

The Application Assembler can, via the deployment descriptor, change the choice of identities that execute their beans. There is a <security-identity> element for that, which has two possible values:

<use-caller-identity>: To force using caller's identity on any method of the bean by propagating it from the caller.

<run-as>: To specify a particular role to run the bean.
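The two choices above, put into working code as an added example (this is not code from the thread or from any J2EE vendor). It uses the EJB 3.1 / Java EE 6 annotations that correspond to the descriptor elements, with the equivalent ejb-jar.xml fragment shown in a comment. The bean names OrderBean and LedgerBean, the servlet, the role names "customer" and "internal", and the returned strings are all assumptions for illustration; the three public classes are shown together here but would each sit in their own source file. Which real user or group stands behind the "internal" run-as role is still the deployer's decision, made in the server's vendor-specific descriptor.

```java
import java.io.IOException;
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Equivalent ejb-jar.xml fragment for the two beans below (hypothetical bean and role names):
 *
 *   <session>
 *     <ejb-name>OrderBean</ejb-name>
 *     <security-identity>
 *       <run-as><role-name>internal</role-name></run-as>
 *     </security-identity>
 *   </session>
 *   <session>
 *     <ejb-name>LedgerBean</ejb-name>
 *     <security-identity>
 *       <use-caller-identity/>
 *     </security-identity>
 *   </session>
 */

/** Web tier: the only place in this chain where a null Principal is possible. */
public class OrderServlet extends HttpServlet {
    @EJB private OrderBean orders;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Principal user = req.getUserPrincipal();   // null if the container has not authenticated this request
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.getWriter().println(orders.placeOrder(req.getParameter("sku")));
    }
}

/** Facade the customer calls. Its outbound calls carry the "internal" identity (<run-as>). */
@Stateless
@DeclareRoles({"customer", "internal"})
@RunAs("internal")
public class OrderBean {
    @Resource private SessionContext ctx;
    @EJB private LedgerBean ledger;

    @RolesAllowed("customer")
    public String placeOrder(String sku) {
        // Never null in an EJB: an unauthenticated caller yields a container-defined anonymous principal.
        // For an authenticated user this is the same identity the servlet saw in getUserPrincipal().
        // @RunAs does not change it; run-as applies to the calls this bean makes, not to its own caller.
        Principal caller = ctx.getCallerPrincipal();

        // The Principal is only a name. Role membership is a separate question answered by the
        // container, here via isCallerInRole (the @RolesAllowed above already enforced it).
        if (!ctx.isCallerInRole("customer")) {
            throw new EJBAccessException("not a customer: " + caller.getName());
        }

        // Because of @RunAs, LedgerBean will see the deployer-mapped "internal" principal, not this
        // caller. Pass the real user name explicitly so the ledger can record who actually ordered.
        return ledger.record(caller.getName(), sku);
    }
}

/** Back-end bean that customers must not call directly. Uses the caller's identity (the default). */
@Stateless
public class LedgerBean {
    @Resource private SessionContext ctx;

    @RolesAllowed("internal")
    public String record(String orderedBy, String sku) {
        // This is the run-as principal the deployer mapped to "internal", not the customer
        // who started the request; an audit log built only from getCallerPrincipal() here would
        // attribute every order to the same internal identity.
        String runAs = ctx.getCallerPrincipal().getName();
        return "order " + sku + " by " + orderedBy + " (recorded via " + runAs + ")";
    }
}
```

A customer who is in the "customer" role can reach LedgerBean only through OrderBean, because OrderBean's outbound call is made with the run-as identity and LedgerBean is restricted to "internal". The price of that indirection is the last comment: once run-as is in play, the downstream bean no longer sees the original user, so anything that needs the real caller (audit trails, per-user quotas) has to receive it as an argument.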
 