0.18.9b: Security usage scenario: Enterprise beans

When an EJB client application tries to execute a method on an enterprise bean or its home, Application Server security must determine whether the client is permitted to do so. Application Server security takes these steps:

  1. Identify the principal (client) invoking the method. If the principal cannot be determined, reject the request.
  2. Determine which permissions a principal needs to invoke this method.
  3. Determine whether the principal has the necessary permissions. If the principal does not have permission, fail the request.
  4. Consult the delegation policy and determine the identity under which the method should be executed. Set the security environment so that the method invocation will be performed under that identity.

Now, suppose a principal named bob attempts to access methods on the enterprise bean named Account. The principal bob has been granted permission to read accounts (Account Read) and to create accounts (Account Create), but has not been granted Account Write.

If bob tries to invoke the getBalance method:

  1. Application Server identifies bob as the principal.
  2. Application Server determines that a principal needs the Account Read permission to invoke the getBalance method of the Account enterprise bean.
  3. Application Server verifies that bob has the Account Read permission. It invokes the method.

If bob tries to invoke the setBalance method:

  1. Application Server identifies bob as the principal.
  2. Application Server determines that a principal needs the Account Write permission to invoke the setBalance method of the Account enterprise bean.
  3. Application Server finds that bob does not have the Account Write permission. It rejects the request to invoke the method.

Notice that although bob can create accounts (Account Create), bob cannot edit accounts because bob lacks explicit permission to do so (Account Write).

In other words, permissions are not ordered by strength: holding one permission on a resource, however powerful it looks (Create or Write, for example), does not implicitly grant any other permission on that same resource (Write or Read). Each permission is checked on its own.

The system administrator must grant explicit permission to a principal to perform each type of action.
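The four-step check above and the bob walk-through can be modelled directly. The following is an added example, not Application Server code: the method-to-permission table, the principals and their grants (including a second principal, accountmgr, used as a run-as identity), and the delegation policy are all constructed assumptions standing in for what a real deployment descriptor and user registry would supply. It also goes one step beyond the text by following a nested call, to show that the identity chosen in step 4 is what any downstream bean sees.

```python
"""Model of the EJB method authorization steps: identify the principal, find
the permission the method needs, check the principal holds it, then pick the
identity the method runs under.  Constructed example; every table below is an
assumption, not Application Server configuration."""
from dataclasses import dataclass
from typing import Optional

# Step 2 input (assumed): the permission each bean method requires.
METHOD_PERMISSIONS = {
    ("Account", "getBalance"): "Account Read",
    ("Account", "setBalance"): "Account Write",
    ("AccountHome", "create"): "Account Create",
}

# Step 3 input (assumed): permissions explicitly granted to each principal.
# A flat set: holding one permission never implies another.
PRINCIPAL_PERMISSIONS = {
    "bob": frozenset({"Account Read", "Account Create"}),
    "accountmgr": frozenset({"Account Write"}),
}

# Step 4 input (assumed delegation policy): None means "run as the caller",
# a name means the bean's methods run under that fixed identity.
DELEGATION_POLICY = {
    "Account": None,
    "AccountHome": "accountmgr",
}


@dataclass
class Decision:
    bean: str
    method: str
    allowed: bool
    reason: str
    run_as: Optional[str] = None


def authorize(principal: Optional[str], bean: str, method: str) -> Decision:
    """Apply the four steps to a single method invocation."""
    # Step 1: identify the principal; an unknown caller is rejected outright.
    if not principal:
        return Decision(bean, method, False, "principal could not be determined")
    # Step 2: determine which permission this method needs.  A method with no
    # mapping is denied rather than allowed by default.
    needed = METHOD_PERMISSIONS.get((bean, method))
    if needed is None:
        return Decision(bean, method, False, f"no permission mapped for {bean}.{method}")
    # Step 3: the principal must hold exactly that permission.
    granted = PRINCIPAL_PERMISSIONS.get(principal, frozenset())
    if needed not in granted:
        return Decision(bean, method, False, f"{principal} lacks {needed}")
    # Step 4: consult the delegation policy for the execution identity.
    run_as = DELEGATION_POLICY.get(bean) or principal
    return Decision(bean, method, True, f"{principal} has {needed}", run_as)


def invoke(principal: Optional[str], bean: str, method: str, then=()) -> list:
    """Authorize a call and then the nested calls its body makes.  Nested
    calls are checked against the run-as identity from step 4, not against
    the original caller, which is how delegation widens what a caller can
    reach indirectly."""
    first = authorize(principal, bean, method)
    results = [first]
    if first.allowed:
        for nested_bean, nested_method in then:
            results.extend(invoke(first.run_as, nested_bean, nested_method))
    return results


def bob_scenario() -> dict:
    """The walk-through from the text, plus one nested call via the home."""
    return {
        "getBalance": authorize("bob", "Account", "getBalance"),
        "setBalance": authorize("bob", "Account", "setBalance"),
        "create_then_setBalance": invoke(
            "bob", "AccountHome", "create", then=[("Account", "setBalance")]
        ),
    }


if __name__ == "__main__":
    for name, result in bob_scenario().items():
        for d in (result if isinstance(result, list) else [result]):
            verdict = "ALLOW" if d.allowed else "DENY "
            print(f"{name:24} {verdict} {d.bean}.{d.method}: {d.reason}"
                  + (f" (runs as {d.run_as})" if d.allowed else ""))
```

The direct setBalance call is denied because bob lacks Account Write, exactly as in the text. The nested call shows the practitioner's caveat about step 4: once AccountHome.create runs as accountmgr, a setBalance it performs on bob's behalf is authorized against accountmgr's permissions, so a run-as identity must be granted no more than the bean's own logic needs.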