SCBCD Guide
--------------------------------------------------
SECURITY
--------------------------------------------------
1. If a security role is defined but not used in any method-permission elements,
it does not mean that the role has permission to invoke all methods. A caller
with this role will have the same rights as a caller without a specified
security role.
2. The responsibilities as described in the EJB specification state that the
Bean Provider and Application Assembler should describe all the requirements
for the caller's principal management of inter-enterprise bean invocations as
part of the description.
3. The Deployer's Role :-
- Along with the Application Assembler, define the appropriate security
policies for the application.
- Setting up the appropriate security policy for the enterprise bean
application.
- Along with the System Administrator, setting up the principal delegation in
a Container-specific way.
4. isCallerInRole :- It tests whether the caller of the bean belongs to the
role that is passed as a parameter to this method.
java.security.Principal getCallerPrincipal();
Returns the principal that represents the CALLER of the enterprise bean, not
the principal that corresponds to the run-as security identity for the bean,
if any.
boolean isCallerInRole(String roleName);
Tests the principal that represents the CALLER of the enterprise bean, not the
principal that corresponds to the run-as security identity for the bean, if
any.
5. Security Policies can be hard-coded but the bean provider is encouraged to
write the business methods WITHOUT any security logic.
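
An added example for items 4 and 5 (not part of the original guide): a bean that leaves the role check to the container and uses getCallerPrincipal() and isCallerInRole() only for a per-instance rule, with a run-as identity configured to show that both methods still report the caller. The bean name, role names, and the EJB 3.1 annotation style (no-interface view) are assumptions.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean and role names; annotation style (EJB 3.1+) is an assumption.
@Stateless
@DeclareRoles({"teller", "customer"})  // roles tested via isCallerInRole must be declared
@RunAs("ledger-writer")                // identity used for calls THIS bean makes to other beans
public class AccountBean {

    @Resource
    private SessionContext ctx;

    // Declarative rule: the container rejects callers in neither role before
    // the method body runs (the annotation form of a method-permission element).
    @RolesAllowed({"teller", "customer"})
    public String viewAccount(String accountOwner) {
        // Always the CALLER's principal, never the "ledger-writer" run-as identity.
        Principal caller = ctx.getCallerPrincipal();

        // Tests the caller's roles, not the run-as role: this returns false for
        // "ledger-writer" unless the caller itself holds that role.
        boolean isTeller = ctx.isCallerInRole("teller");

        // Instance-level rule that a method-permission cannot express:
        // a customer may read only their own account, a teller may read any.
        if (!isTeller && !caller.getName().equals(accountOwner)) {
            throw new EJBAccessException("caller " + caller.getName()
                    + " may not read the account of " + accountOwner);
        }
        return "account of " + accountOwner + " viewed by " + caller.getName();
    }
}
```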