1 | The bean provider and application assembler describes the caller's principal management of inter-enterprise bean invocations in the deployment descriptor. If nothing is specified, the principal associated with the client is propagated. |
2 | Even though the bean implementation should not contain any hard-coded security restrictions, it might want to obtain the caller's role to fulfill the required security in case it is not possible to describe in the deployment descriptor. Or it may use this information for other purposes such as sale representative performance screening. |