8 Replies Latest reply on Nov 1, 2011 9:42 PM by zeeman

    CDI Qualifiers Question & Seam Security

    zeeman Novice

      I have two authenticators; one for DB and the other for openId. Each authenticator produces a LoggedInUser object.


      Through out my app I would like to inject LoggedInUser, regardless whether it comes from DB authenticator or OpenId one. In my code I use @Any to inject LoggedInUser. To avoid ambiguous errors, I use a Stateful EJB CurrentUserManager that observes what authenticators produce and it's the class that produces LoggedInUser.


      In production only OpenId one will be uses, in development DB one will be used.


      Is this the right way to do this?


      Sample code:


      @Named("dbAuthenticator")
      public class DBAuthenticator extends BaseAuthenticator implements Authenticator {
      
           @Inject
           @DBAuthenticated
           private Event<LoggedInMemberInfo> loginEventSrc;
      
      }
      



      @Named("openIdAuthenticator")
      public class OpenIdAuthenticator extends BaseAuthenticator implements Authenticator {
      
           @Inject
           @OpenIdAuthenticated
           private Event<LoggedInMemberInfo> loginEventSrc;
      
      }
      



      @Stateful
      @SessionScoped
      public class CurrentUserManager implements Serializable {
      
           private static final long serialVersionUID = 1L;
           private LoggedInMemberInfo currentUser;
      
           @Produces
           @Any
           public LoggedInMemberInfo getCurrentAccount() {
                return currentUser;
           }
      
           public void onLoginOpenId(@Observes @OpenIdAuthenticated  LoggedInMemberInfo user) {currentUser = user;}
           public void onLoginDB(@Observes @DBAuthenticated  LoggedInMemberInfo user) {currentUser = user;}
      



      I use it in code like this:


      @Inject @Any
      private LoggedInMemberInfo user;