0.18.9b: Security usage scenario: Enterprise beans
When an EJB client application tries to execute a method on an enterprise bean
or its home,
Application Server security must determine whether the client is permitted to
do so. Application Server security takes these steps:
- Identify the principal (client) invoking the method. If the principal cannot
be determined, reject the request.
- Determine which permissions a principal needs to invoke this method.
- Determine whether the principal has the necessary permissions. If the principal
does not have permission, fail the request.
- Consult the delegation policy and determine the identity under which the method
should be executed. Set the security environment so that the method invocation will be
performed under that identity.
Now, suppose a principal named bob attempts to access methods on the
enterprise bean named Account. The principal bob has permission to:
- Create accounts (Account Create)
- Read or view accounts (Account Read)
If bob tries to invoke the getBalance method:
- Application Server identifies bob as the principal.
- Application Server determines that a principal needs the Account Read
permission to invoke the getBalance method of the Account enterprise bean.
- Application Server verifies that bob has the Account Read permission,
consults the delegation policy to determine the execution identity, and
invokes the method under that identity.
If bob tries to invoke the setBalance method:
- Application Server identifies bob as the principal.
- Application Server determines that a principal needs the Account Write
permission to invoke the setBalance method of the Account enterprise bean.
- Application Server finds that bob does not have the Account Write permission.
It rejects the request to invoke the method.
Notice that although bob can create accounts (Account Create), bob cannot
edit accounts because bob lacks the explicit Account Write permission.
Permissions are not ordered: holding one permission on a resource, even one
as powerful as Create, implies neither a broader permission such as Write nor
a narrower one such as Read on that same resource.
The system administrator must grant explicit permission to a principal
to perform each type of action.
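The four-step check above, and the bob/Account walkthrough, modeled as a runnable decision function. This is an added example written for this page, not WebSphere or EJB code: the permission tables, the principal names, the run-as identity "AccountAdmin" and the function names are all constructed for illustration. The model also covers two cases the page only implies: an unidentified caller (step 1) and a method with no permission mapping, which is rejected rather than allowed by default.

```python
"""Model of the EJB method-authorization steps: identify the principal,
find the required permission, check it, then apply the delegation policy.
Added example; not WebSphere/EJB code. All tables below are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


class AccessDenied(Exception):
    """Raised when any of the first three steps fails."""


# Step 2 input: the permission each bean method requires (constructed table).
METHOD_PERMISSIONS: Dict[Tuple[str, str], str] = {
    ("Account", "create"):     "Account Create",
    ("Account", "getBalance"): "Account Read",
    ("Account", "setBalance"): "Account Write",
}

# Step 3 input: permissions granted to each principal (constructed).
# bob matches the page: Create and Read, but not Write.
PRINCIPAL_PERMISSIONS: Dict[str, Set[str]] = {
    "bob":   {"Account Create", "Account Read"},
    "alice": {"Account Create", "Account Read", "Account Write"},
}

# Step 4 input: delegation policy. A method listed here executes under the
# given run-as identity; any other method runs as the caller. "AccountAdmin"
# is an assumed system identity, not one the page defines.
DELEGATION_POLICY: Dict[Tuple[str, str], str] = {
    ("Account", "setBalance"): "AccountAdmin",
}


@dataclass
class Invocation:
    principal: Optional[str]   # None models a caller that cannot be identified
    bean: str
    method: str


def authorize(inv: Invocation) -> str:
    """Return the identity the method executes under, or raise AccessDenied."""
    # Step 1: identify the principal. No principal, no decision: reject.
    if not inv.principal:
        raise AccessDenied("principal could not be determined")

    # Step 2: look up the required permission. A method with no mapping is
    # denied (fail closed) rather than silently treated as unprotected.
    key = (inv.bean, inv.method)
    required = METHOD_PERMISSIONS.get(key)
    if required is None:
        raise AccessDenied(f"no permission mapping for {inv.bean}.{inv.method}")

    # Step 3: exact membership test. Permissions are not ordered, so holding
    # Account Create says nothing about Account Write or Account Read.
    granted = PRINCIPAL_PERMISSIONS.get(inv.principal, set())
    if required not in granted:
        raise AccessDenied(f"{inv.principal} lacks {required}")

    # Step 4: the delegation policy picks the execution identity. Note the
    # permission check (step 3) was made against the caller, not this identity.
    return DELEGATION_POLICY.get(key, inv.principal)


def decide(principal: Optional[str], bean: str, method: str) -> Tuple[bool, str]:
    """Convenience wrapper: (allowed, execution identity or denial reason)."""
    try:
        return True, authorize(Invocation(principal, bean, method))
    except AccessDenied as exc:
        return False, str(exc)


if __name__ == "__main__":
    for who, meth in [("bob", "getBalance"), ("bob", "setBalance"),
                      (None, "getBalance"), ("alice", "setBalance")]:
        print(who, meth, decide(who, "Account", meth))
```

Running the block shows bob allowed on getBalance (executing as bob), bob denied on setBalance for lacking Account Write, an unidentified caller denied before any permission lookup, and alice's setBalance executing under the run-as identity even though the permission check was made against alice herself.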