| Title: Basics - Security |
| This section is under construction, please check back later. |
| |
| <a name="Basics-Security-RelatedDocuments"></a> |
| ## Related Documents |
| |
| [Security](security.html) |
| \- login module configuration |
| [Security Annotations](security-annotations.html) |
| \- EJB3 related annotation based security. |
| |
| <a name="Basics-Security-ServerSideSecurity"></a> |
| ## Server Side Security |
| |
| There's a few things that should be noted about security from the server |
| side perspective. |
| |
| <a name="Basics-Security-SecurityPropagation"></a> |
| ### Security Propagation |
| Note, this is partially documented in the EJB 3 spec section 14.8.1.1. |
| |
| 1. Once a remote bean has been instantiated, from within the container, it |
| inherits the entire security context, and all roles will be inherited the |
| same as the method where the bean is being looked up. |
| 1. Looking up a bean via an `InitialContext`, or via injection, will inherit |
| the security context (user, roles, etc), thereby propagating the security |
| through to any container bean in the chain of method calls. |
| 1. No properties are allowed for the `InitialContext`, and you *MUST* be |
| calling the no args constructor only. There are documents elsewhere that |
| describe using the OpenEJB initial context factories and such, with |
| usernames and passwords, etc; it should be noted that this method of using |
| the factories is OpenEJB specific, to facilitate non-standard clients not |
| running in an EJB container, etc. |
| |
| For example, here is an EJB that returns another bean, through a remote |
| method call. In this case, the *OtherBean* instance, will have the same |
| security as *MyBean*, including the principal (username), roles, etc. |
| |
| |
| import javax.ejb.EJB; |
| import javax.naming.InitialContext; |
| |
| @EJB(name = "otherBean", beanInterface = IOtherBean.class) |
| public class MyBean |
| { |
| public IOtherBean getOtherBean() |
| { |
| InitialContext context = new InitialContext(); |
| return (IOtherBean) context.lookup("java:comp/env/otherBean"); |
| } |
| } |
| |