use-caller-identity tag in DD

Ranch Hand
Posts: 119
Hi friends,
I'm trying to understand the <security-identity> tag.
Let's say that a client calls Bean A, and Bean A in turn calls Bean B, and you want Bean B to think that someone else is calling.
Then we use the <run-as> tag, right???

So, when do we use <use-caller-identity>???
I think we use this tag if you want Bean B to know that Bean A is indeed calling, not (even though Bean A was called by the client initially) someone else.

My question is: in the <use-caller-identity/> tag, is the caller here the client or Bean A? Which caller's identity is used??

I've gone through all the old threads but did not find a good explanation.

Thanks for any inputs in advance.
Ranch Hand
Posts: 284
Without security-identity, when a client calls a bean, it transmits its identity along with the call. If the bean in turn calls another bean, then it transmits the identity of the caller who called him. Like this, beans A & B (and any other called bean) see the same identity: the caller's one.

This is the default behavior and this is what use-caller-identity does. If you don't specify a security-identity, then use-caller-identity is assumed.

If you use run-as, then when bean A calls bean B, bean A does not use caller identity and pretends to be someone else (usually to get more privileges, do something the caller could not do).
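
The two settings discussed in this thread, shown in a deployment descriptor. This is an added example, not part of the original posts; it assumes the EJB 2.x ejb-jar.xml layout, and the `com.example` class names and the `admin` role are hypothetical.

```xml
<ejb-jar>
  <enterprise-beans>
    <!-- Bean A: the calls it makes to other beans carry the "admin" role
         instead of the identity of the client that called it. -->
    <session>
      <ejb-name>BeanA</ejb-name>
      <home>com.example.BeanAHome</home>
      <remote>com.example.BeanA</remote>
      <ejb-class>com.example.BeanABean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-identity>
        <run-as>
          <role-name>admin</role-name>
        </run-as>
      </security-identity>
    </session>

    <!-- Bean B: passes on whatever identity it was called with. Because
         Bean A runs as "admin", isCallerInRole("admin") is true inside
         Bean B for calls arriving from Bean A. If Bean A used
         use-caller-identity too, Bean B would see the original client. -->
    <session>
      <ejb-name>BeanB</ejb-name>
      <local-home>com.example.BeanBLocalHome</local-home>
      <local>com.example.BeanBLocal</local>
      <ejb-class>com.example.BeanBBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-identity>
        <use-caller-identity/>
      </security-identity>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- The run-as role must be a declared security role. -->
    <security-role>
      <role-name>admin</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
```

run-as changes only the identity on Bean A's outgoing calls; access checks on Bean A's own methods are still made against the real client. Any client allowed to call Bean A therefore reaches Bean B with the `admin` role, so method permissions on Bean A are what limit who can borrow that privilege.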