开发者

EJB 3.1 remove invocation context for security purpose (ThreadLocal, ...)

I have a webapp on one Glassfish server (front-end) and an EJB 3.1 app (back-end) on another Glassfish server. The weba开发者_C百科pp communicates with the EJB 3.1 via remote invocation.

I would like to pass context data (user data i.e.) without having to define it as an input parameter of each business operation.

I have one idea, but not sure it will work: use a ThreadLocal to store data, but the ThreadLocal will only be available on one server (meaning JVM) => use the InvocationContext object and create interceptor to add user data to the ContextData Map.

What do you think about it? Any other ideas are more than welcome! ;-)

UPDATE

After first answer, I googled it a little bit and found the annotation @CallerPrincipal.

How can I set this object before the remote invocation?


The container will already handle this so you don't have to code it yourself.

In your EJB, you can access the EJBContext, which has a getCallerPrincipal() method which will give you the callers identity.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜