This topic has not yet been written. The content below is from the topic description.
Figure 1.2, “The security-identity element� describes the element, its child elements, and attributes. [Image http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/images/j2ee_security_identity.jpg] Figure 1.2. The security-identity element The invocation identity can be that of the current caller, or it can be a specific role. The application assembler uses the element with a child element. This indicate that the current caller's identity should be propagated as the security identity for method invocations made by the EJB. Propagation of the caller's identity is the default used in the absence of an explicit element declaration. Alternatively, the application assembler can use the or child element to specify that a specific security role supplied by the element value must be used as the security identity for method invocations made by the EJB. Note that this does not change the caller's identity as seen by the EJBContext.getCallerPrincipal() method. Rather, the caller's security roles are set to the single role specified by the or element value. One use case for the element is to prevent external clients from accessing internal EJBs. You configure this behavior by assigning the internal EJB elements, which restrict access to a role never assigned to an external client. EJBs that must in turn use internal EJBs are then configured with a or equal to the restricted role.