EJB security with dynamic user creation


  1. EJB security with dynamic user creation (3 messages)

    How do I create an initial context for a dynamically created user? If I do:
    Properties p = new Properties();
    p.put(Context.SECURITY_PRINCIPAL, "joe");
    p.put(Context.SECURITY_CREDENTIALS, "pass");
    InitialContext ctx = new InitialContext(p);

    But then this requires the user to be predefined in the deployment descriptors. Is there any way to get around this with the security context properly propagated to the EJB calls? Thanks!
  2. No.

    The whole "how you add a user dynamically" is very vendor-specific and the J2EE spec does not cover it.

  3. Yes, J2EE does not describe how to deal with dynamic user creation. Still, you should be able to parameterize the user credentials as given below:

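    // Needs java.util.Properties and javax.naming.{Context, InitialContext, NamingException}
    InitialContext getInitialContext(String username, String password) throws NamingException {
      Properties p = new Properties();
      // Principal and credentials come from the caller, not from a descriptor
      p.put(Context.SECURITY_PRINCIPAL, username);
      p.put(Context.SECURITY_CREDENTIALS, password);
      InitialContext ctx = new InitialContext(p);
      return ctx;
    }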

    Of course, user credentials must be supplied as part of the inputs, typically from a login screen (prompt), and not as part of the EJB deployment descriptor.

    If you are accessing an EJB from another one, then the user credentials (that were supplied to access the first EJB) are implicitly available in the context, which can be obtained simply by coding (within the first EJB, to access the second EJB):

      InitialContext ctx = new InitialContext();

  4. Roles/groups are in deployment descriptors, not user names.