Reputation: 506
EJB 3.1 remove invocation context for security purpose (ThreadLocal, ...)
I have a webapp on one Glassfish server (front-end) and an EJB 3.1 app (back-end) on another Glassfish server. The webapp communicates with the EJB 3.1 via remote invocation.
I would like to pass context data (user data i.e.) without having to define it as an input parameter of each business operation.
I have one idea, but not sure it will work: use a ThreadLocal to store data, but the ThreadLocal will only be available on one server (meaning JVM) => use the InvocationContext object and create interceptor to add user data to the ContextData Map.
What do you think about it? Any other ideas are more than welcome! ;-)
UPDATE
After first answer, I googled it a little bit and found the annotation @CallerPrincipal.
How can I set this object before the remote invocation?
Upvotes: 0
Views: 704
Answers (1)
Reputation: 24262
The container will already handle this so you don't have to code it yourself.
In your EJB, you can access the EJBContext, which has a getCallerPrincipal() method which will give you the callers identity.
Upvotes: 2
Related Questions
- ThreadLocal usage in enterprise application
- EJB: Lock access to a method only instead of whole bean instance
- Pass Default Application Context to Remote EJB Anonymously
- Java EE 7: invoke EJB method+transaction from "unmanaged" context
- EJB3 @RunAs annotation and security
- EJB Local includes Remote
- Adding custom context information to EJB method calls
- Why an InitialContext on Remote EJB3 Session Beans
- Request scoped context for stateless session beans
- Remote EJB3 invocation