Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

use-caller-identity tag in DD

 
shanthisri mocherla
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi friends,
I'm trying to understand <security-identity> tag.
Let's say that a client calls Bean A,and Bean A in turn calls Bean B ,you want the Bean B to think that someone else is calling.
Then we use <run-as > tag right???

So, when do we use <use-caller-identity>???
I think we use this tag , if you want the Bean B to know that Bean A is indeed calling ,not (eventhough Bean A was called by the client initially)someone else.


What my question is in <use-caller-identity/> tag Is the caller here the client or the Bean A.Which caller's identity is used??

I've gone through all the old threads but did not find a good explanation .

thanks for any inputs in advance
shanthisri
 
Frederic Esnault
Ranch Hand
Posts: 284
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Without seucirity-identity, when a client calls a bean, it transmits its identity along with the call. If the bean in turn calls another bean, then it transmits the identity of the caller who called him. Like this, beans A & B (and any other called bean) see the same identity : the caller's one.

This is the default behavior and this is what use-caller-identity does. If you don't specify a security-identity, then use-caller-identity is assumed.

If you use run-as, then when bean A calls bean B, bean A does not use caller identity and pretends to be someone else (usually to get more privileges, do something the caller could not do).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic