2 Replies Latest reply on Jan 29, 2005 2:57 PM by starksm64

Caller principal

john.howard9 Jan 27, 2005 5:37 AM

Is there anyway to get the caller principle if we don't have the SessionContext. We're using a AOP intercept to apply access control to session bean method calls and we need the principal and role information (e.g. isCallerInRole) to determine the access rights. This has to be done without modification to the existing session beans.

Thanks,

John.

1. Re: Caller principal

sharris Jan 28, 2005 12:08 PM (in response to john.howard9)

I believe it works this way: The SecurityProxy that you write as part of the AOP should implement the org.jboss.security.SecurityProxy interface, which requires that you implement a setEJBContext() method. JBoss will call this method prior to the invoke() of EJB method. Then you will have the SessionContext as an instance variable and can get the principal from it and use it in whatever validation code you write.
Actions
2. Re: Caller principal

starksm64 Jan 29, 2005 2:57 PM (in response to john.howard9)

There is an internal thread local that contains the associated security context. The jboss aop framework has integration points with this. What is the aop configuration your using?
Actions

Go to original post