
EJB 3.1 remove invocation context for security purpose (ThreadLocal, …)

I have a webapp on one Glassfish server (front-end) and an EJB 3.1 app (back-end) on another Glassfish server. The webapp communicates with the EJB 3.1 via remote invocation.

I would like to pass context data (i.e. user data) without having to define it as an input parameter of each business operation.

I have one idea, but I'm not sure it will work: use a ThreadLocal to store data, but the ThreadLocal will only be available on one server (meaning JVM) => use the InvocationContext object and create an interceptor to add user data to the ContextData Map.

What do you think about it? Any other ideas are more than welcome! ;-)

UPDATE

After the first answer, I googled it a little bit and found the annotation @CallerPrincipal.

How can I set this object before the remote invocation?

The container will already handle this so you don't have to code it yourself.

In your EJB, you can access the EJBContext, which has a getCallerPrincipal() method which will give you the caller's identity.
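
An added example, not part of the original question or answer: a stateless bean that reads the caller from the injected SessionContext, with an interceptor that copies the caller name into the ContextData map the question mentions. The names AccountService, AccountServiceBean, CallerContextInterceptor, the key "caller.name" and the role "user" are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Map;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptors;
import javax.interceptor.InvocationContext;

// Hypothetical business interface; in a real deployment it is public and shared with the web tier.
@Remote
interface AccountService {
    String whoAmI();
}

// Hypothetical interceptor: stores the container-authenticated caller name in the
// per-invocation ContextData map, so no business method needs a "user" parameter.
class CallerContextInterceptor {
    static final String CALLER_KEY = "caller.name"; // assumed key name

    @Resource
    private SessionContext ctx; // interceptors may inject the bean's EJBContext

    @AroundInvoke
    public Object addCaller(InvocationContext ic) throws Exception {
        Principal caller = ctx.getCallerPrincipal(); // set by the container, not by the client
        ic.getContextData().put(CALLER_KEY, caller.getName());
        return ic.proceed();
    }
}

@Stateless
@Interceptors(CallerContextInterceptor.class)
@RolesAllowed("user") // assumed role name; callers without it are rejected by the container
public class AccountServiceBean implements AccountService {
    @Resource
    private SessionContext ctx;

    @Override
    public String whoAmI() {
        // EJB 3.1 exposes the same ContextData map through EJBContext.getContextData().
        Map<String, Object> data = ctx.getContextData();
        return (String) data.get(CallerContextInterceptor.CALLER_KEY);
    }
}
```

Because the identity comes from the container's security context rather than from a method argument, the front-end cannot substitute another user's name in the call payload.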
