2 Replies Latest reply on Jan 29, 2005 2:57 PM by Scott Stark

    Caller principal

    john howard Newbie

      Is there any way to get the caller principal if we don't have the SessionContext? We're using an AOP intercept to apply access control to session bean method calls and we need the principal and role information (e.g. isCallerInRole) to determine the access rights. This has to be done without modification to the existing session beans.

      Thanks,

      John.

        • 1. Re: Caller principal
          Steven Harris Newbie

          I believe it works this way: The SecurityProxy that you write as part of the AOP should implement the org.jboss.security.SecurityProxy interface, which requires that you implement a setEJBContext() method. JBoss will call this method prior to the invoke() of the EJB method. Then you will have the SessionContext as an instance variable and can get the principal from it and use it in whatever validation code you write.
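
A sketch of the approach described in the reply above, as an added example that is not part of the thread and is not JBoss code. The class name, method names and role names are hypothetical, and the SecurityProxy method signatures are an assumption based on the JBoss 4.0-era interface; check them against the version you deploy on.

```java
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import javax.ejb.EJBContext;
import org.jboss.security.SecurityProxy;

/** Hypothetical proxy: a business call passes only if the caller holds the mapped role. */
public class RoleCheckProxy implements SecurityProxy {
    // Constructed sample policy: business method name -> required role.
    private static final Map<String, String> REQUIRED_ROLE = new HashMap<String, String>();
    static {
        REQUIRED_ROLE.put("transferFunds", "Teller");
        REQUIRED_ROLE.put("closeAccount", "Manager");
    }

    // Held per thread rather than in a plain field, in case one proxy
    // instance is shared by concurrent invocations (assumption).
    private final ThreadLocal<EJBContext> ctx = new ThreadLocal<EJBContext>();

    // Both init() variants are implemented so the class compiles whether the
    // interface declares one or two of them (signatures are an assumption).
    public void init(Class beanHome, Class beanRemote, Object securityMgr) { }
    public void init(Class beanHome, Class beanRemote,
                     Class beanLocalHome, Class beanLocal, Object securityMgr) { }

    // Called by the container before invoke(), as the reply describes.
    public void setEJBContext(EJBContext context) { ctx.set(context); }

    // Home methods (create/find) are left to the declarative security settings.
    public void invokeHome(Method m, Object[] args) { }

    public void invoke(Method m, Object[] args, Object bean) {
        EJBContext c = ctx.get();
        String role = REQUIRED_ROLE.get(m.getName());
        // Fail closed: no context or no policy entry means the call is denied.
        if (c == null || role == null) {
            throw new SecurityException("No access policy for " + m.getName());
        }
        if (!c.isCallerInRole(role)) {
            throw new SecurityException(c.getCallerPrincipal().getName()
                    + " lacks role " + role + " for " + m.getName());
        }
    }
}
```

The existing session beans stay unmodified because the check lives entirely in the proxy class.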

          • 2. Re: Caller principal
            Scott Stark Master

            There is an internal thread local that contains the associated security context. The JBoss AOP framework has integration points with this. What is the AOP configuration you're using?