Hi friends, I'm trying to understand the <security-identity> tag. Let's say that a client calls Bean A, and Bean A in turn calls Bean B, and you want Bean B to think that someone else is calling. Then we use the <run-as> tag, right???
So, when do we use <use-caller-identity>??? I think we use this tag if you want Bean B to know that Bean A is indeed calling, not someone else (even though Bean A was called by the client initially).
My question is: in the <use-caller-identity/> tag, is the caller here the client or Bean A? Which caller's identity is used??
I've gone through all the old threads but did not find a good explanation.
Without security-identity, when a client calls a bean, it transmits its identity along with the call. If the bean in turn calls another bean, then it transmits the identity of the caller who called it. Like this, beans A & B (and any other called bean) see the same identity: the caller's one.
This is the default behavior and this is what use-caller-identity does. If you don't specify a security-identity, then use-caller-identity is assumed.
If you use run-as, then when bean A calls bean B, bean A does not use the caller's identity and pretends to be someone else (usually to get more privileges, to do something the caller could not do).
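
The two settings discussed in this thread, side by side in an `ejb-jar.xml` fragment. This is an added example, not part of the original posts: the bean names follow the thread, while the class names and the `batch-admin` role are hypothetical.

```xml
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <enterprise-beans>

    <!-- Bean A: calls that A makes to other beans go out under the
         run-as role instead of the client's identity. Inside A itself,
         getCallerPrincipal() still returns the client that called A. -->
    <session>
      <ejb-name>BeanA</ejb-name>
      <ejb-class>com.example.BeanA</ejb-class>   <!-- hypothetical class -->
      <session-type>Stateless</session-type>
      <security-identity>
        <run-as>
          <role-name>batch-admin</role-name>     <!-- hypothetical role -->
        </run-as>
      </security-identity>
    </session>

    <!-- Bean B: propagates whatever identity it was called with.
         This is the default, so the element could be omitted.
         When A calls B, B sees A's run-as identity, not the client. -->
    <session>
      <ejb-name>BeanB</ejb-name>
      <ejb-class>com.example.BeanB</ejb-class>   <!-- hypothetical class -->
      <session-type>Stateless</session-type>
      <security-identity>
        <use-caller-identity/>
      </security-identity>
    </session>

  </enterprise-beans>

  <assembly-descriptor>
    <!-- A run-as role must be declared as a security role. Which
         principal the container associates with it is vendor-specific. -->
    <security-role>
      <role-name>batch-admin</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
```

Because Bean B's access checks are evaluated against the run-as role rather than the original client, Bean A has to authorize the client itself before making the elevated call.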