I'm developing a web application with a Glassfish server, where a Servlet uses some EJBs. When reading in the JEE tutorial how the Servlet caller's authenticated identity propagates to the EJB container, you see things like:
There is no way for the target container to authenticate the propagated security identity [...] the target must trust that the calling container has propagated an authenticated security identity. By default, the GlassFish Server is configured to trust identities that are propagated from different containers. Therefore, you do not need to take any special steps to set up a trust relationship.
I feel fine with this in my case, given that the servlet will propagate the identity of the caller to the EJB and so I don't have to do anything special for securing the EJB methods, only specify the roles allowed and that's all, but I wonder what happens when containers are different, for example 2 Glassfish servers on different physical servers, in particular:
- "The GF Server is configured to trust identities that are propagated from different containers" ??? How is it? Isn't it a security hole? Does it mean if a container receives a call to an EJB method with a Principal "John" and role "Admin" from any container it'll trust it??
- How do you configure GF Server to trust/don't trust another container(s)?