Reprinted from: http://www.java-.com/technology/technology_detail.jsp? Id = 785
Adding functionality to beans

EJB context: the gateway to the container

The container holds the following information:

1. Information about the bean's home object and EJB object.
2. The bean's current transaction information.
3. Security information about the client's authorization. A bean can query the environment to determine whether the client has the security level required to perform an operation.
4. The bean's environment properties.

The container saves all of this information in an object called the EJB context object. The EJB context is a physical part of the container and can be accessed by the bean. This access lets the bean read its current status and change its current state. The context can change over the life of the bean.

The EJB 1.0 javax.ejb.EJBContext interface:

    public interface javax.ejb.EJBContext {
        public javax.ejb.EJBHome getEJBHome();
        public java.util.Properties getEnvironment();
        public java.security.Identity getCallerIdentity();
        public boolean isCallerInRole(java.security.Identity role);
        public javax.jts.UserTransaction getUserTransaction();
        public void setRollbackOnly();
        public boolean getRollbackOnly();
    }

Session bean context

Contexts are divided by bean type into the session context and the entity context. They are used by session beans and entity beans respectively.

    public interface javax.ejb.SessionContext extends javax.ejb.EJBContext {
        public javax.ejb.EJBObject getEJBObject();
    }

Note: The SessionContext interface extends the EJBContext interface, so the methods defined in EJBContext are also available to session beans. For session beans, the container calls setSessionContext, which is defined in the javax.ejb.SessionBean interface. For entity beans, it calls setEntityContext.

SessionContext.getEJBObject()

In EJB, a bean can act as a client of other beans. If a bean needs to call other beans, the getEJBObject() method is required. In Java, an object can obtain a reference to itself with the this keyword.
In EJB, however, a bean cannot hand itself to other objects with the this keyword, because every client call to a bean's methods goes indirectly through the bean's EJB object. Instead, a bean passes itself to other beans as its EJB object, in place of the this keyword.

Understanding EJB security

First, the client must be identified. Second, the client must be authorized.

Step 1: Identification

Different EJB containers have different methods of identifying clients. For example, with BEA's WebLogic, different client code supplies different usernames and passwords when it uses JNDI to locate home objects.
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    // System.getProperties() is the JVM-wide table: the credentials stay visible to all code in this JVM
    Properties props = System.getProperties();
    props.put(Context.SECURITY_PRINCIPAL, "EmployeeA");
    props.put(Context.SECURITY_CREDENTIALS, "myPassword1");
    Context ctx = new InitialContext(props); // throws NamingException
    // Use the initial context to look up home objects
    ...

The EJB specification does not define how this is done, so it affects portability. For details, check the documentation of each container. When this code runs, the application server verifies your username and password; how it does so is specific to the application server. Many application servers allow usernames and passwords to be set in a properties file, which the application server reads at run time. Higher-end servers support integration with an existing verification system, for example storing the list of usernames and passwords in an LDAP server.

Step 2: Authorization

Only authorized clients can call methods on the bean. There are two ways to check authorization in EJB: declarative and programmatic. With declarative authorization, all authorization checks are performed by the container; with programmatic authorization, the check is performed in the program.

For a declarative authorization check, you must declare the bean's authorization requirements in the deployment descriptor. For example, a deployment descriptor for BEA's WebLogic server:

    (accessControlEntries
        submitPurchaseOrder [employees]
        approvePurchaseOrder [managers]
    ); end accessControlEntries

The container then performs the security checks automatically at run time and throws a java.lang.SecurityException if a check fails.

For a programmatic authorization check, you must query the EJB context to get the current client's authorization information. Two methods are called for this: isCallerInRole(Identity role) and getCallerIdentity().
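The two authorization styles side by side, as an added example that is not part of the original article: containerCheck models the declarative check the container makes from the access control entries, and approvePurchaseOrder makes a programmatic check inside the bean. CallerContext is a hypothetical stand-in for the two EJBContext security methods (with String roles instead of java.security.Identity) so that the code runs without a container on Java 9 or later; the caller ManagerB and the own-order rule are constructed for the illustration.

```java
import java.util.Map;
import java.util.Set;

public class AuthorizationDemo {
    // Hypothetical stand-in for the two EJBContext security methods (String roles, an assumption).
    interface CallerContext {
        String getCallerIdentity();
        boolean isCallerInRole(String role);
    }
    // Declarative rules: method -> allowed roles, mirroring the access control entries.
    static final Map<String, Set<String>> ACL = Map.of(
        "submitPurchaseOrder", Set.of("employees"),
        "approvePurchaseOrder", Set.of("managers"));
    // Declarative check, as the container runs it before dispatching to the bean.
    // A method with no entry is denied (fail closed; a choice made for this example).
    static void containerCheck(String method, CallerContext ctx) {
        for (String role : ACL.getOrDefault(method, Set.of()))
            if (ctx.isCallerInRole(role)) return;
        throw new SecurityException(ctx.getCallerIdentity() + " may not call " + method);
    }

    // Programmatic check inside the bean: a data-dependent rule the descriptor cannot express.
    static String approvePurchaseOrder(CallerContext ctx, String submittedBy) {
        if (!ctx.isCallerInRole("managers"))
            throw new SecurityException("managers role required");
        if (ctx.getCallerIdentity().equals(submittedBy))
            throw new SecurityException("cannot approve own order");
        return "approved by " + ctx.getCallerIdentity();
    }

    static CallerContext caller(String name, String... roles) {
        Set<String> granted = Set.of(roles);
        return new CallerContext() {
            public String getCallerIdentity() { return name; }
            public boolean isCallerInRole(String role) { return granted.contains(role); }
        };
    }

    public static void main(String[] args) {
        CallerContext employee = caller("EmployeeA", "employees");
        CallerContext manager = caller("ManagerB", "managers");
        containerCheck("approvePurchaseOrder", manager);
        System.out.println(approvePurchaseOrder(manager, "EmployeeA"));
        try { containerCheck("approvePurchaseOrder", employee); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try { approvePurchaseOrder(manager, "ManagerB"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```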