Ranch Hand
Posts: 71
In an answer to a question I found: 'Deployer assign principals to the security roles'.
But what are Principals?
Ranch Hand
Posts: 1683
A Principal and the identity or identities of the Principal are established as a result of the authentication process; the Principal represents the user in the application during further requests. The Java platform specifies two solutions for user authentication to the servers: JAAS (for any Java-based applications) and servlets (for web applications).

It may be useful at this stage to understand that EJB security is all about authorisation, not authentication. So, any authentication is always done before a request hits an EJB server.

The object represents a user's identity. This user object carries only username information in it, not roles or any additional attributes about the logged-on user. For EJB applications, Principals are associated with callers' requests in server-specific ways. J2EE specifications require that for all EJBs in a call chain within the same application the same identity must be returned for all calls to EJBContext.getCallerPrincipal, which should be the same identity as in HttpServletRequest.getUserPrincipal if that is not null. Whereas servlet specifications do allow returning a null Principal, EJB specifications explicitly state that a non-null object should be returned at any time, even for representing an unauthenticated user.

The Application Assembler can, via the deployment descriptor, change the choice of identities that execute their beans. There is a <security-identity> element for that, which has two possible values:

<use-caller-identity>: To force using the caller's identity on any method of the bean by propagating it from the caller.

<run-as>: To specify a particular role to run the bean as.
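The call chain described in the answer above, as an added example that is not code from this thread: a servlet reads HttpServletRequest.getUserPrincipal (which may be null), calls a bean that reads EJBContext.getCallerPrincipal (never null), and that bean calls through a <run-as> bean, so the last bean in the chain sees the principal the Deployer mapped to the run-as role rather than the web user. The annotations are the EJB 3 form of the <security-identity> descriptor elements. Class names, the roles "user" and "auditor", and the assumption of a Java EE 6+ container with a configured realm are all made up for the example; the vendor-specific role-to-principal mapping the Deployer writes is not shown.

```java
// Added illustration, not code from the original thread. Assumes a Java EE 6+
// container with a configured realm; class names and the roles "user" and
// "auditor" are invented for the example.

// ---- WhoAmIServlet.java: web tier, where the Principal may legitimately be null
import java.io.IOException;
import java.security.Principal;
import javax.ejb.EJB;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {
    @EJB private OrderBean orders;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Principal web = req.getUserPrincipal();
        if (web == null) {
            // Servlet spec permits null: nobody authenticated on this request,
            // so refuse here rather than let an anonymous identity reach the EJB tier.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // The container propagates this identity into the EJB call; the spec
        // requires the bean's getCallerPrincipal() to report the same user.
        resp.getWriter().println("servlet=" + web.getName()
                + " ejb=" + orders.callerName());
    }
}

// ---- OrderBean.java: default <use-caller-identity>, sees the propagated user
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class OrderBean {
    @Resource private SessionContext ctx;
    @EJB private AuditBean audit;

    @RolesAllowed("user")   // authorisation only: the caller must already hold "user"
    public String callerName() {
        // EJB spec: never null. Even an unauthenticated caller gets a Principal;
        // its name is container-specific (e.g. "anonymous" or "guest").
        Principal caller = ctx.getCallerPrincipal();
        audit.record("order lookup by " + caller.getName());
        return caller.getName();
    }
}

// ---- AuditBean.java: <run-as> switches the identity used for OUTBOUND calls
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;

// Annotation form of the descriptor fragment:
//   <security-identity><run-as><role-name>auditor</role-name></run-as></security-identity>
// The Deployer maps the role "auditor" to a concrete principal in the vendor
// descriptor; that is the "Deployer assigns principals to security roles" step.
@Stateless
@RunAs("auditor")
public class AuditBean {
    @EJB private LedgerBean ledger;

    public void record(String entry) {
        // Per the EJB spec, run-as governs the identity of this bean's outbound
        // calls; this bean's own getCallerPrincipal() still reports who invoked it.
        ledger.append(entry);
    }
}

// ---- LedgerBean.java: only reachable through a caller acting as "auditor"
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class LedgerBean {
    @Resource private SessionContext ctx;

    @RolesAllowed("auditor")
    public void append(String entry) {
        // Reports the run-as principal the Deployer mapped to "auditor",
        // not the web user who started the request.
        Principal p = ctx.getCallerPrincipal();
        System.out.println("[" + p.getName() + "] " + entry);
    }
}
```

Deploying this and requesting /whoami as an authenticated user in role "user" prints the same name from the servlet and from OrderBean, while the ledger line is tagged with whatever principal the Deployer bound to "auditor". Leaving the null check out of the servlet is the classic mistake: the EJB tier would still receive a non-null (anonymous) Principal and only @RolesAllowed would stand between the request and the bean.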