Identify the user for secure access to EJB methods
12.1.10. RunAsIdentity Creation

In order for JBoss Enterprise Application Platform to secure access to EJB methods, the user's identity must be known at the time the method call is made. A user's identity in the server is represented either by a javax.security.auth.Subject instance or an org.jboss.security.RunAsIdentity instance. Both these classes store one or more principals that represent the identity and a list of roles that the identity possesses. In the case of the javax.security.auth.Subject, a list of credentials is also stored. In the section of the ejb-jar.xml deployment descriptor, you specify one or more roles that a user must have to access the various EJB methods. A comparison of these lists reveals whether the user has one of the roles necessary to access the EJB method.
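The role comparison described above, sketched as an added example (not code from JBoss or from this documentation). The bean, method and role names and the embedded descriptor are constructed for illustration, and denying access when no method-permission matches is an assumption of this sketch.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class MethodRoleCheck {
    // Constructed sample descriptor; AccountBean, its methods and the roles are hypothetical.
    static final String EJB_JAR =
        "<ejb-jar><assembly-descriptor><method-permission><role-name>Teller</role-name>"
      + "<method><ejb-name>AccountBean</ejb-name><method-name>withdraw</method-name></method>"
      + "</method-permission><method-permission><role-name>Teller</role-name><role-name>Auditor</role-name>"
      + "<method><ejb-name>AccountBean</ejb-name><method-name>getBalance</method-name></method>"
      + "</method-permission></assembly-descriptor></ejb-jar>";

    static String text(Element e, String tag) {
        return e.getElementsByTagName(tag).item(0).getTextContent().trim();
    }
    // Roles the descriptor requires for ejb.method ("*" matches every method of the bean).
    static Set<String> requiredRoles(Document doc, String ejb, String method) {
        Set<String> roles = new HashSet<>();
        NodeList perms = doc.getElementsByTagName("method-permission");
        for (int i = 0; i < perms.getLength(); i++) {
            Element perm = (Element) perms.item(i);
            NodeList methods = perm.getElementsByTagName("method");
            for (int j = 0; j < methods.getLength(); j++) {
                Element m = (Element) methods.item(j);
                String name = text(m, "method-name");
                if (text(m, "ejb-name").equals(ejb) && (name.equals("*") || name.equals(method))) {
                    NodeList rn = perm.getElementsByTagName("role-name");
                    for (int k = 0; k < rn.getLength(); k++) roles.add(rn.item(k).getTextContent().trim());
                }
            }
        }
        return roles;
    }
    // The comparison: allowed when the identity holds at least one required role.
    // An empty required set (no matching method-permission) denies; that is this sketch's assumption.
    static boolean allowed(Set<String> callerRoles, Set<String> required) {
        return !Collections.disjoint(callerRoles, required);
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(EJB_JAR.getBytes(StandardCharsets.UTF_8)));
        Set<String> auditor = Set.of("Auditor"); // roles held by a constructed caller identity
        System.out.println("getBalance: " + allowed(auditor, requiredRoles(doc, "AccountBean", "getBalance")));
        System.out.println("withdraw:   " + allowed(auditor, requiredRoles(doc, "AccountBean", "withdraw")));
    }
}
```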