• The javax.ejb.EJBContext.getCallerPrincipal() and javax.ejb.EJBContext.isCallerInRole() methods can be used to implement programmatic security in EJBs

getCallerPrincipal

  • By calling getCallerPrincipal(), the bean can determine who the caller of the EJB is
  • If a WLSUser principal exists in the calling user's Subject, javax.ejb.EJBContext.getCallerPrincipal() returns that principal
  • If there are multiple WLSUser principals, the first one returned by Subject.getPrincipals().iterator() is used
  • If there are no WLSUser principals, getCallerPrincipal() returns the first principal that is not a WLSGroup
  • If no principals are present, or all principals are WLSGroup principals, the method returns weblogic.security.WLSPrincipals.getAnonymousUserPrincipal()

isCallerInRole

  • This method determines whether the caller has been assigned the given security role, and is therefore authorized to act on the WebLogic resource in the executing thread

    Example: javax.ejb.EJBContext.isCallerInRole("admin") returns true if the current user holds the admin role
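The following stateless session bean is an added example (not code from the page or from WebLogic's documentation) showing both methods used together: getCallerPrincipal() to identify the caller and isCallerInRole("admin") to gate a privileged operation. The bean name AuditService, the purgeRecords method and its in-memory record list are hypothetical; the role name "admin" and the anonymous-principal behaviour are the ones described above. SessionContext extends javax.ejb.EJBContext, which is why it exposes both methods.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import weblogic.security.WLSPrincipals;

// Hypothetical bean used only to illustrate programmatic EJB security.
@Stateless
@DeclareRoles("admin") // role names passed to isCallerInRole() should be declared
public class AuditService {

    private static final Logger LOG = Logger.getLogger(AuditService.class.getName());

    // Injected by the container; SessionContext extends javax.ejb.EJBContext.
    @Resource
    private SessionContext ctx;

    // Constructed sample data standing in for persistent audit records
    // (epoch milliseconds of each record's creation).
    private final List<Long> recordTimestamps = new ArrayList<>();

    /**
     * Returns the caller's user name, or null when WebLogic supplied the
     * anonymous principal. getCallerPrincipal() does not return null on
     * WebLogic when no WLSUser is present; it returns the anonymous user
     * principal, so the comparison has to be against that principal's name.
     */
    public String authenticatedCallerName() {
        Principal caller = ctx.getCallerPrincipal();
        String anonymous = WLSPrincipals.getAnonymousUserPrincipal().getName();
        if (caller == null || anonymous.equals(caller.getName())) {
            return null;
        }
        return caller.getName();
    }

    /**
     * Privileged operation guarded programmatically. Returns the number of
     * records removed. Denials are logged so that repeated unauthorized
     * attempts are visible to monitoring.
     */
    public int purgeRecords(int olderThanDays) {
        String user = authenticatedCallerName();
        if (user == null || !ctx.isCallerInRole("admin")) {
            LOG.warning("purgeRecords denied for caller "
                    + (user == null ? "<anonymous>" : user));
            throw new EJBAccessException("admin role required");
        }
        long cutoff = System.currentTimeMillis() - olderThanDays * 86_400_000L;
        int removed = 0;
        for (Iterator<Long> it = recordTimestamps.iterator(); it.hasNext();) {
            if (it.next() < cutoff) {
                it.remove();
                removed++;
            }
        }
        LOG.info("purgeRecords(" + olderThanDays + ") by " + user
                + " removed " + removed + " record(s)");
        return removed;
    }
}
```

The role name "admin" still has to be mapped to WebLogic users or groups (for example through a security-role-assignment in weblogic-ejb-jar.xml) for isCallerInRole("admin") to ever return true. Declarative checks with @RolesAllowed remain the first line of defence; programmatic checks like the one above are for decisions that depend on runtime data, and pairing them with the anonymous-principal test avoids treating a non-null principal as proof that the caller authenticated.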