-
1. Re: JBoss security context injection
sfcoy Apr 18, 2013 7:32 AM (in response to dzcs)Unfortunately there is no common way to do this. Each of the technologies that you mention provides access to the user principal slightly differently.
For an EJB:
{code:java}@Stateless
public class MyStatelessBean {
@Resource
private SessionContext sessionContext;
public void doSomething() {
Principal user = sessionContext.getCallerPrincipal();
if (sessionContext.isCallerInRole("special-role"))
performSpecialOperation();
else
performPlainOperation();
}
...
}{code}
A JAX-WS web service implementation can inject a javax.xml.ws.WebServiceContex in the same way for the same purpose.
And a REST service can inject a javax.ws.rs.core.SecurityContext.
I think you can add an @Produces method to a stateless session bean to provide access to a Principal object for CDI:
{code:java}
...
@Produces
public Principal producePrincipal() {
return sessionContext.getCallerPrincipal();
}
...
{code}