EJB Security

EJB Container Provided Security

Note that only session beans can be secured with Java EE security services.

Define roles within the system:

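public interface Roles {
    String ADMIN = "Administrator";
    String USER = "User";
}

// The annotations below come from javax.annotation.security.
@DeclareRoles({Roles.ADMIN, Roles.USER})
public class MyClass implements MyClassLocal {
    @DenyAll // the container rejects every caller
    public void methodThatNobodyCanCall() { /* ... */ }

    @RolesAllowed(Roles.ADMIN) // only callers in the Administrator role
    public void methodThatAdminsCanCall() { /* ... */ }
}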

The @PermitAll annotation allows all users, including unauthenticated anonymous users, to access the class or method it annotates.


If the user does not have appropriate permissions a javax.ejb.EJBAccessException will be raised.

Get username of session invoker

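@Resource // javax.annotation.Resource: the container injects the context
private SessionContext context;
// Inside a business method, once injection has happened:
final String callerName = context.getCallerPrincipal().getName();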
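
As an added example (not code from the original page), a session bean that combines the container's declarative role check with a programmatic check on the caller's name and role, and writes an audit record either way. The bean name DocumentService, the OWNERS map and the "audit" logger name are assumptions made for illustration.

```java
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Role names as defined on this page, repeated so the file compiles on its own.
interface Roles {
    String ADMIN = "Administrator";
    String USER = "User";
}

@Stateless
@DeclareRoles({Roles.ADMIN, Roles.USER})
public class DocumentService { // hypothetical bean
    private static final Logger AUDIT = Logger.getLogger("audit"); // assumed logger name

    // Constructed sample data: document id -> owner's principal name.
    private static final Map<String, String> OWNERS =
            Map.of("doc-1", "alice", "doc-2", "bob");

    @Resource
    private SessionContext context; // injected before any business method runs

    // Declarative check: callers in neither role get EJBAccessException
    // from the container and this body never runs.
    @RolesAllowed({Roles.ADMIN, Roles.USER})
    public void delete(String documentId) {
        String caller = context.getCallerPrincipal().getName();
        String owner = OWNERS.get(documentId); // null for unknown ids

        // Programmatic check: "own documents only" cannot be expressed
        // with annotations. Unknown ids are denied to non-admins too.
        boolean allowed = context.isCallerInRole(Roles.ADMIN) || caller.equals(owner);
        if (!allowed) {
            AUDIT.log(Level.WARNING, "delete denied: doc={0} caller={1}",
                    new Object[] {documentId, caller});
            throw new EJBAccessException("caller may not delete this document");
        }
        AUDIT.log(Level.INFO, "delete allowed: doc={0} caller={1}",
                new Object[] {documentId, caller});
        // ... remove the document here ...
    }
}
```

The owner is looked up on the server rather than passed in by the caller, so the check cannot be bypassed by supplying a different owner name.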

Impersonate (run as another user)

@RunAs(Roles.ADMIN) // example role: calls this bean makes to other beans run under it
public class OpenClass implements OpenClassLocal, OpenClassRemote { /* ... */ }