Normally, when a component calls another component, the invocation uses the client’s credentials. You can use identities to specify alternate credentials for intercomponent calls. Identities map logical identity names to a user name, password, and required SSL session characteristics. The identity names are used in the run-as mode settings for components and component methods.
Run-as support enables an EJB 2.0 component to perform method invocations on other components using a specified identity. This identity can be configured at deployment time. In the standard EJB 2.0 deployment descriptor, the run-as property is expressed in terms of a role. The role is a name of a security-role element defined in the same deployment descriptor. It is expected that at deployment time, or when configuring a new EJB, the role name should be defined. Further, the deployer selects an identity that is expected to be present in this role. This identity is used while invoking another EJB. The run-as feature can be enabled in the Web Management Console.
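The following check is an added example, not code from EAServer or its documentation. It reads a standard EJB 2.0 ejb-jar.xml descriptor and reports, for each bean, whether it runs as a role that is declared as a security-role in the same descriptor, names an undeclared role, or uses the caller's identity. The bean names, role names and sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal EJB 2.0 ejb-jar.xml (bean and role names are made up).
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>OrderBean</ejb-name>
      <security-identity><run-as><role-name>batch</role-name></run-as></security-identity>
    </session>
    <session>
      <ejb-name>AuditBean</ejb-name>
      <security-identity><run-as><role-name>auditor</role-name></run-as></security-identity>
    </session>
    <entity>
      <ejb-name>CustomerBean</ejb-name>
      <security-identity><use-caller-identity/></security-identity>
    </entity>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>batch</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""

def check_run_as(descriptor_xml):
    """Return {ejb-name: finding} for every bean in the descriptor."""
    root = ET.fromstring(descriptor_xml)
    # Roles declared as security-role elements in this same descriptor.
    declared = {r.text.strip()
                for r in root.findall("assembly-descriptor/security-role/role-name")
                if r.text}
    findings = {}
    for bean in root.findall("enterprise-beans/*"):
        name = bean.findtext("ejb-name", default="?").strip()
        role = bean.findtext("security-identity/run-as/role-name")
        if role is None:
            # No run-as element: intercomponent calls use the caller's identity.
            findings[name] = "caller identity"
        elif role.strip() in declared:
            findings[name] = "run-as " + role.strip()
        else:
            # The run-as role has no matching security-role declaration.
            findings[name] = "undeclared role " + role.strip()
    return findings

if __name__ == "__main__":
    for ejb, finding in check_run_as(SAMPLE).items():
        print(ejb, "->", finding)
```

Reviewing the output before deployment shows which beans will change identity on outbound calls and which run-as roles still need a declaration and a mapped identity.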
To enable use of the run-as identity for EJB component calls made in component code, specify corbaname URLs in the EJB Reference properties for the EJB component that issues the call. For information on interoperable naming URLs, see Chapter 5, “Interoperability,” in the EAServer EJB User’s Guide.
Configuring an EJB 2.0 component to run as a different identity
Modify the config/ejbjar-name.xml file (where name is the name of the EJB) to use <run-as>. If you do not set this property, intercomponent calls use the client identity.
For example:
Recompile the component using the recompile batch file located in the EAServer bin subdirectory.
You can configure a run-as identity application- or server-wide. This provides a convenient way to globally set the run-as identity for all of the EJBs in an application or server.