EJB 3.1为安全目的删除调用上下文(ThreadLocal,...)
[英]EJB 3.1 remove invocation context for security purpose (ThreadLocal, …)
问题描述
I have a webapp on one Glassfish server (front-end) and an EJB 3.1 app (back-end) on another Glassfish server. 
我在一个Glassfish服务器(前端)上有一个webapp,在另一个Glassfish服务器上有一个EJB 3.1应用程序(后端)。 The webapp communicates with the EJB 3.1 via remote invocation. webapp通过远程调用与EJB 3.1进行通信。
I would like to pass context data (user data ie) without having to define it as an input parameter of each business operation. 我想传递上下文数据(用户数据ie),而不必将其定义为每个业务操作的输入参数。
I have one idea, but not sure it will work: use a ThreadLocal to store data, but the ThreadLocal will only be available on one server (meaning JVM) => use the InvocationContext object and create interceptor to add user data to the ContextData Map. 我有一个想法,但不确定它是否会起作用:使用ThreadLocal存储数据,但ThreadLocal只能在一个服务器上使用(意味着JVM)=>使用InvocationContext对象并创建拦截器以将用户数据添加到ContextData Map 。
What do you think about it? 你怎么看待这件事? Any other ideas are more than welcome! 任何其他想法都非常欢迎! ;-) ;-)
UPDATE UPDATE
After first answer, I googled it a little bit and found the annotation @CallerPrincipal . 在第一次回答后,我用Google搜索了一下,找到了注释@CallerPrincipal 。
How can I set this object before the remote invocation? 如何在远程调用之前设置此对象?
1 个解决方案
解决方案1
2 2011-10-03 15:19:17
The container will already handle this so you don't have to code it yourself. 容器已经处理好了,所以你不必自己编写代码。
In your EJB, you can access the EJBContext, which has a getCallerPrincipal() method which will give you the callers identity. 在EJB中,您可以访问EJBContext,它具有getCallerPrincipal()方法,该方法将为您提供调用者身份。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.