I do not understand how EJB works.
I have a RESTful web service with BASIC authentication. It looks like this:

    @javax.ws.rs.core.Context
    javax.ws.rs.core.SecurityContext sc;

    @GET
    @Path("test")
    @Produces(MediaType.TEXT_PLAIN)
    public String test() throws Exception {
        Principal principal = sc.getUserPrincipal();
        MyEJBLocal myEjb = (MyEJBLocal) new InitialContext().lookup("java:comp/env/ejb/MyEJBLocal");
        return myEjb.test();
    }

sc.getUserPrincipal() returns the authenticated user here.
And I have an EJB and a local interface:

    @Local
    public interface MyEJBLocal {
        public String test() throws Exception;
    }

    @Stateless
    public class MyEJB implements MyEJBLocal {
        @Resource
        javax.ejb.SessionContext ctx;

        public String test() throws Exception {
            java.security.Principal principal = ctx.getCallerPrincipal();
            ....
        }
    }

Here ctx.getCallerPrincipal() returns anonymous. I do not understand how the principal is configured in SessionContext. Should I do additional authentication? Why do I have a supervisor in SecurityContext and anonymous in SessionContext?
UPD. I create my own SecurityContext and set it in filter(ContainerRequest request) of a ContainerRequestFilter, like request.setSecurityContext(). I found out why the user was not authenticated in SessionContext. How can I do something similar to my own SecurityContext for EJB?
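
An added example, not part of the original post: a SecurityContext set with request.setSecurityContext() is visible only to the JAX-RS layer, while SessionContext.getCallerPrincipal() reports the identity the container itself authenticated. The servlet filter below performs a container login from the Basic header using the standard HttpServletRequest.login(). The class name ContainerLoginFilter and the realm label "api" are hypothetical, and it assumes Java 8+, a Servlet 3.0+ container, and a container security realm that holds the same users the custom SecurityContext checked.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example (hypothetical class name). Assumes the container realm knows the users;
// after login() the container's caller identity is what EJB calls on this thread observe.
@WebFilter("/*")
public class ContainerLoginFilter implements Filter {
    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // If web.xml already authenticated the caller, login() would throw: pass through.
        if (req.getUserPrincipal() != null) { chain.doFilter(req, res); return; }
        String[] cred = parseBasic(req.getHeader("Authorization"));
        try {
            if (cred == null) throw new ServletException("no usable Basic credentials");
            req.login(cred[0], cred[1]);   // authenticates against the container realm
        } catch (ServletException e) {
            res.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            chain.doFilter(req, res);      // JAX-RS resource and its EJB calls run here
        } finally {
            req.logout();                  // drop the identity so the service stays stateless
        }
    }

    // Returns {user, password}, or null for a missing, non-Basic or malformed header.
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            return colon < 0 ? null : new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }
}
```

Declaring a security-constraint with a BASIC login-config in web.xml makes the container authenticate the caller without any filter code; this filter then passes such requests through unchanged.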