Security access-control changes

The getCallerIdentity and isCallerInRole(java.security.Identity) methods in the EJBContext interface are deprecated in EJB 1.1. Instead of getCallerIdentity, call getCallerPrincipal. Instead of isCallerInRole(java.security.Identity), call isCallerInRole(java.lang.String).

In EAServer Manager, you can configure role references for your component in the Component Properties dialog box. Role references allow you to map names used in isCallerInRole(java.lang.String) calls to role names that exist on the server. Role references allow your component to be deployed on servers that do not have the same security configuration.

Declarative access control for EJB 1.1 components uses method-level settings.

Note: The Role Membership folder for packages and components in EAServer Manager does not apply to EJB 1.1 or 2.0 components.

There are two ways to control which clients can call EJB component methods:

Steps: Configuring method permissions

Method permissions allow you to restrict access without writing code. Configure method permissions as follows:

  1. If necessary, define new EAServer roles to be used by callers of the component.

  2. Verify that J2EE roles are mapped to EAServer roles in the properties of the package where the component is installed; check the Role Mappings tab in the Package Properties window. You must map a J2EE role name for each role to be used in method permissions.

  3. For each method that requires limited access, display the Method Properties dialog and highlight the Permissions tab. A check box displays for each mapped J2EE role in the package that contains the component. Select the check box by each role that can call the method.

Steps: Configuring role references

Role references are required if you call the isCallerInRole Java method to restrict access. Each reference maps a string used in isCallerInRole calls to a J2EE role that is configured in the package Role Mappings. To configure role references:

  1. If necessary, define new EAServer roles to be used by callers of the component.

  2. Verify that J2EE roles are mapped to EAServer roles in the properties of the package where the component is installed; check the Role Mappings tab in the Package Properties window. You must map a J2EE role name for each role to be used in role references.

  3. For each component that calls the isCallerInRole method, display the Component Properties dialog and highlight the Role Refs tab. Add or modify roles as follows:

    • To add a role, click Add and edit the new entry as described below.

    • To modify a role, edit the Reference Name (used in isCallerInRole calls), and choose the mapped J2EE role (configured in the properties of the package where the component is installed).
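The following bean is an added example, not code from the EAServer documentation. It shows the EJB 1.1 replacement calls (getCallerPrincipal and isCallerInRole(java.lang.String)) used for a data-dependent check that method permissions alone cannot express. The class names, the Reference Names "approver" and "senior-approver", and the amount threshold are assumptions; the Reference Names must match entries on the component's Role Refs tab.

```java
import java.security.Principal;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical application exception; declare it in the remote interface's throws clause.
class NotAuthorizedException extends Exception {
    NotAuthorizedException(String message) { super(message); }
}

// Hypothetical EJB 1.1 session bean showing programmatic access control.
public class PaymentApprovalBean implements SessionBean {
    // Reference Names as entered on the component's Role Refs tab (assumed values).
    private static final String REF_APPROVER = "approver";
    private static final String REF_SENIOR_APPROVER = "senior-approver";
    // Constructed threshold, in cents, above which the senior role is required.
    private static final long SENIOR_LIMIT_CENTS = 1000000L;

    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }

    public String approve(String paymentId, long amountCents) throws NotAuthorizedException {
        // getCallerPrincipal() replaces the deprecated getCallerIdentity().
        Principal caller = ctx.getCallerPrincipal();
        String who = (caller == null) ? "<unknown>" : caller.getName();

        // isCallerInRole(String) replaces isCallerInRole(java.security.Identity).
        boolean approver = ctx.isCallerInRole(REF_APPROVER);
        boolean senior = ctx.isCallerInRole(REF_SENIOR_APPROVER);

        // Deny by default: the caller must hold at least one approving role.
        if (!approver && !senior) {
            throw new NotAuthorizedException(who + " may not approve payments");
        }
        // Data-dependent rule that a per-method permission cannot express.
        if (amountCents > SENIOR_LIMIT_CENTS && !senior) {
            throw new NotAuthorizedException(who + " may not approve " + paymentId + " above the limit");
        }
        // Return the caller name so the approval can be recorded for audit.
        return paymentId + " approved by " + who;
    }
}
```

Because the bean tests Reference Names rather than server role names, the same class can be deployed on a server with different roles by changing only the Role Refs and Role Mappings entries.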