
Principals??

 
Ranch Hand
Posts: 71
In an answer to a question I found: 'Deployer assign principals to the security roles'.
But, what are Principals?
 
Ranch Hand
Posts: 1683
A Principal and the identity or identities of the Principal are established as a result of the authentication process which represents the user in the application during further requests. The Java platform specifies two solutions for user authentication to the servers: JAAS (for any Java-based applications) and servlets (for web applications).

It may be useful at this stage to understand that EJB security is all about authorisation, not authentication. So, any authentication is always done before a request hits an EJB server.

The java.security.Principal object represents a user's identity. This user object carries only username information in it, not roles or any additional attributes about the logged-on user. For EJB applications, Principals are associated with callers' requests in server-specific ways. J2EE specifications require that for all EJBs in a call chain within the same application the same identity must be returned for all calls to EJBContext.getCallerPrincipal, which should be the same identity as in HttpServletRequest.getUserPrincipal if that is not null. Whereas servlet specifications do allow returning a null Principal, EJB specifications explicitly state that a non-null object should be returned at any time, even for representing an unauthenticated user.

The Application Assembler can, via the deployment descriptor, change the choice of identities that execute their beans. There is a <security-identity> element for that, which has two possible values:

<use-caller-identity>: To force using caller's identity on any method of the bean by propagating it from the caller.

<run-as>: To specify a particular role to run the bean.
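
The two <security-identity> settings described in the answer above, side by side in one ejb-jar.xml. This is an added example, not part of the original post; it assumes the EJB 3.0 descriptor schema, and the bean names, class names and the "auditor" role are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: bean, class and role names are hypothetical. -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <enterprise-beans>
    <!-- Propagates the caller's identity: any bean AccountBean calls sees
         the same Principal from EJBContext.getCallerPrincipal(). -->
    <session>
      <ejb-name>AccountBean</ejb-name>
      <ejb-class>com.example.AccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <security-identity>
        <use-caller-identity/>
      </security-identity>
    </session>
    <!-- Calls made BY ReportBean to other beans carry the "auditor" role.
         run-as does not change who may call ReportBean itself: access
         checks on its own methods still test the original caller. -->
    <session>
      <ejb-name>ReportBean</ejb-name>
      <ejb-class>com.example.ReportBean</ejb-class>
      <session-type>Stateless</session-type>
      <security-identity>
        <run-as>
          <role-name>auditor</role-name>
        </run-as>
      </security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Logical role only. The Deployer maps real principals to it in
         server-specific configuration outside this file. -->
    <security-role>
      <role-name>auditor</role-name>
    </security-role>
    <!-- AccountBean accepts only "auditor" callers, so ReportBean's
         run-as calls pass this check whoever invoked ReportBean. -->
    <method-permission>
      <role-name>auditor</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

Because run-as lets ReportBean reach methods its own caller could not call directly, ReportBean's methods need their own <method-permission> entries; none are declared in this fragment.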
 