1 Reply Latest reply on Apr 18, 2013 7:32 AM by sfcoy

    JBoss security context injection

    dzcs

      Hi,

      Is there any standard way to inject security context in EE applications? For instance I would like to inject either security context or actual principal.

      We would like to use this functionality in EJBs, in CDI producers, in REST services and web services.

      Thank you in advance.

        • 1. Re: JBoss security context injection
          sfcoy

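          Unfortunately there is no common way to do this. Each of the technologies that you mention provides access to the user principal slightly differently.

          For an EJB:

          {code:java}
          import java.security.Principal;
          import javax.annotation.Resource;
          import javax.ejb.SessionContext;
          import javax.ejb.Stateless;

          @Stateless
          public class MyStatelessBean {

               // Container-injected context for the current EJB invocation
               @Resource
               private SessionContext sessionContext;

               public void doSomething() {
                    // Identity of the caller of this method
                    Principal user = sessionContext.getCallerPrincipal();
                    // Programmatic role check
                    if (sessionContext.isCallerInRole("special-role"))
                         performSpecialOperation();
                    else
                         performPlainOperation();
               }

               // ...

          }
          {code}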

          A JAX-WS web service implementation can inject a javax.xml.ws.WebServiceContext in the same way for the same purpose.

          And a REST service can inject a javax.ws.rs.core.SecurityContext.

          I think you can add an @Produces method to a stateless session bean to provide access to a Principal object for CDI:

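          {code:java}
               // ...

               // Requires javax.enterprise.inject.Produces; sessionContext is the
               // SessionContext injected into the stateless bean shown above
               @Produces
               public Principal producePrincipal() {
                    return sessionContext.getCallerPrincipal();
               }

               // ...
          {code}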
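
The JAX-RS and JAX-WS injection points named in the reply above, written out as an added example that is not part of sfcoy's post. The class names, the "/whoami" path and the response text are hypothetical; "special-role" is reused from the EJB snippet. Both `getUserPrincipal()` calls return null for an unauthenticated request, so each method checks for that before using the principal.

```java
// --- WhoAmIResource.java (JAX-RS; hypothetical class name and path) ---
import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/whoami")
public class WhoAmIResource {

    @GET
    public Response whoAmI(@Context SecurityContext securityContext) {
        // Null when the request carries no authenticated identity
        Principal user = securityContext.getUserPrincipal();
        if (user == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        String level = securityContext.isUserInRole("special-role") ? "special" : "plain";
        return Response.ok(user.getName() + " (" + level + ")").build();
    }
}

// --- WhoAmIService.java (JAX-WS; hypothetical class name) ---
import java.security.Principal;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;

@WebService
public class WhoAmIService {

    // Injected the same way as SessionContext in the EJB
    @Resource
    private WebServiceContext webServiceContext;

    @WebMethod
    public String whoAmI() {
        Principal user = webServiceContext.getUserPrincipal();
        if (user == null) {
            // Surfaces to the client as a SOAP fault
            throw new SecurityException("caller is not authenticated");
        }
        String level = webServiceContext.isUserInRole("special-role") ? "special" : "plain";
        return user.getName() + " (" + level + ")";
    }
}
```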