EJB 3.1 Security Authorization while using CDI

Question

In EJB, for security authentication and authorization I find a common method using jndi as follows,

properties.put(Context.SECURITY_PRINCIPAL, "username");
properties.put(Context.SECURITY_CREDENTIALS, "password");
Context ctx = new InitialContext(properties);
Object ref = jndiContext.lookup("SecureBean/remote");
SecureRemoteBusiness remote = (SecureRemoteBusiness)ref;

Question: I would like to know if there are any methods to achieve this while using DI possibly without using any external CDI frameworks. If the only choice is using external CDI frameworks, kindly provide me an example or a reference.

Answer 1

There is nothing in any of the Java EE specs that really address the full authentication and authorization hole, that's the reason things like Spring Security, Apache Shiro, JBoss Picketlink, etc. exist.

As for your question, no, there is not any way to achieve this with DI without using an external framework. Anything that you will find will be proprietary to the server, as Gonzalo Garcia Lasurtegui mentioned.