standard practice for getting user info from tomcat login in

ahardy66 Apr 18, 2004 4:14 PM

I need the user's userId when processing data in my app and I get this in tomcat by getting the request.getUserPrincipal().getName() and then I look up the ID for that name from the DB and keep it in the user's servlet session scope.

I could pass this into the EJB with every call, but isn't there another way?

Can I access the servlet container session from EJB?

Or is there an EJB container equivalent of the servlet session that I can store the userId in?

Thanks
Adam

1. Re: standard practice for getting user info from tomcat logi

spiritualmechanic Apr 18, 2004 6:33 PM (in response to ahardy66)

Standard way. J2EE defined, similar to security in servlet context.

return context.getCallerPrincipal().getName();

http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security5.html

This is categorized as programmatic security.
Actions
2. Re: standard practice for getting user info from tomcat logi

ahardy66 Apr 18, 2004 7:25 PM (in response to ahardy66)

Right, thanks Steve, but I had cottoned on to that one already. What I need to know is, once I've got my userId, can I store it in EJB anywhere?

What the equivalent of the HTTP session?

Is it possible to edit the caller principal object?
Actions

Go to original post