RMI-P4 clients authenticate themselves to the naming system on AS Java when the InitialContext is obtained. Authentication uses the BASIC authentication scheme, that is, a username and password. The client's identity is checked against the security role settings in the naming system policy configuration in the Security Provider Service to determine whether the client can obtain the InitialContext. By default, all users of AS Java can obtain the InitialContext and perform lookup operations from it.
Providing the Client Credentials
The username and password of the RMI-P4 client are provided as environment properties in the source code when the InitialContext is obtained. The properties that must be set are javax.naming.Context.SECURITY_PRINCIPAL, with the username as the value, and javax.naming.Context.SECURITY_CREDENTIALS, with the user password as the value.
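A client that sets the two properties described above, as an added example and not SAP's own code. The factory class name, the `p4.url` and `p4.user` system properties, and the host and port placeholders are assumptions; the password is read at run time so that it is not embedded in the source.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class P4ClientLogin {
    // Assumption (not from the page): the AS Java JNDI factory class name.
    static final String FACTORY = "com.sap.engine.services.jndi.InitialContextFactoryImpl";

    // Builds the environment that carries the client's credentials.
    static Hashtable<String, Object> buildEnv(String url, String user, char[] password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, user);
        // The page specifies the password as the value; a String copy is made here.
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        return env;
    }

    public static void main(String[] args) {
        // Hypothetical property names; host and P4 port are placeholders.
        String url = System.getProperty("p4.url", "<host>:<p4-port>");
        String user = System.getProperty("p4.user");
        Console console = System.console();
        if (user == null || console == null) {
            System.err.println("Set -Dp4.user and run from an interactive console.");
            System.exit(2);
        }
        char[] password = console.readPassword("Password for %s: ", user);
        if (password == null) { System.exit(2); } // readPassword returns null on end of input
        Context ctx = null;
        try {
            ctx = new InitialContext(buildEnv(url, user, password));
            System.out.println("InitialContext obtained for " + user);
        } catch (AuthenticationException e) { // caught if the provider reports a failed login this way
            System.err.println("Credentials rejected by the naming system.");
        } catch (NamingException e) {
            System.err.println("Naming error: " + e.getMessage());
        } finally {
            Arrays.fill(password, '\0'); // wipes the array; the String copy in env lives until GC
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```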
Propagating the Client Credentials to the Server-side Remote Objects
If the server-side remote objects define their own security requirements, the RMI-P4 client credentials available to the InitialContext are propagated to them in order to determine access rights to business methods. The server-side remote objects can be:
These define role-based access restrictions using the EJB application deployment descriptors.
These must define access restrictions using the appropriate APIs in their own code.