1 Reply Latest reply on Apr 18, 2013 7:32 AM by Stephen Coy

    JBoss security context injection

    Dmitri Zamysloff Newbie

      Hi,

       

      is there any standard way to inject security context in EE applications? For instance I would like to inject either security context or actual principal.

      We would like to use this functionality in ejbs, in CDI producers, in REST services and web services.

       

      Thank you in advance.

        • 1. Re: JBoss security context injection
          Stephen Coy Master

          Unfortunately there is no common way to do this. Each of the technologies that you mention provides access to the user principal slightly differently.

           

          For an EJB:

           

          {code:java}@Stateless

          public class MyStatelessBean {

           

               @Resource

               private SessionContext sessionContext;

           

               public void doSomething() {

                    Principal user = sessionContext.getCallerPrincipal();

                    if (sessionContext.isCallerInRole("special-role"))

                         performSpecialOperation();

                    else

                         performPlainOperation();

               }

           

               ...

           

          }{code}

           

          A JAX-WS web service implementation can inject a javax.xml.ws.WebServiceContex in the same way for the same purpose.

           

          And a REST service can inject a javax.ws.rs.core.SecurityContext.

           

          I think you can add an @Produces method to a stateless session bean to provide access to a Principal object for CDI:

           

           

          {code:java}

               ...

           

               @Produces

               public Principal producePrincipal() {

                    return sessionContext.getCallerPrincipal();

               }

           

               ...

          {code}