1 Reply Latest reply on Apr 18, 2013 7:32 AM by Stephen Coy

    JBoss security context injection

    Dmitri Zamysloff Newbie



      is there any standard way to inject security context in EE applications? For instance I would like to inject either security context or actual principal.

      We would like to use this functionality in ejbs, in CDI producers, in REST services and web services.


      Thank you in advance.

        • 1. Re: JBoss security context injection
          Stephen Coy Master

          Unfortunately there is no common way to do this. Each of the technologies that you mention provides access to the user principal slightly differently.


          For an EJB:



          public class MyStatelessBean {



               private SessionContext sessionContext;


               public void doSomething() {

                    Principal user = sessionContext.getCallerPrincipal();

                    if (sessionContext.isCallerInRole("special-role"))










          A JAX-WS web service implementation can inject a javax.xml.ws.WebServiceContex in the same way for the same purpose.


          And a REST service can inject a javax.ws.rs.core.SecurityContext.


          I think you can add an @Produces method to a stateless session bean to provide access to a Principal object for CDI:







               public Principal producePrincipal() {

                    return sessionContext.getCallerPrincipal();