Dear Expert Group members,
as I understand, there is no portable way for server-side programmatic
authentication , i.e. to
call a role-protected EJB from un-authenticated servercode, e.g. JEE 7
batches, timer beans, un-authenticated session beans or JMX beans.
(Weblogic Server provides a non-portable Programmatic Authentication
API [1])
Will Java EE Security API standardize this important feature?
Best regards,
Juergen Weber
[1]
https://docs.oracle.com/middleware/1221/wls/SCPRG/thin_client.htm#SCPRG
221