Hi all!
We are in the need of transporting security related date
with each ejb call.
So what I have done is I have modified
org.enhydra.security.avs.api.SecurityContext
so I can attach an Object of my own (see the
attached code)
So what I can do now in the client is:
SecurityCurrent current = SecurityCurrent.getCurrent() ;
ContextData ct = new ContextData(new BigDecimal(123), "Token XYZ");
SecurityContext ctx = new SecurityContext ("joebar", ct);
current.setSecurityContext(ctx);
The obviouse advantage is, with every call I get the
ContextDate to my bean, wher I can check it.
Here is the code on the bean side:
ContextData ct = (ContextData)
((org.enhydra.security.avs.api.SecurityContext)ejbContext.getCallerPrincipal
())
.getContextData();
System.out.println("WtId:" + ct.getWtId());
System.out.println("Token:" + ct.getToken());
The obviouse disadvantage is, that this is not standard ejb code,
at least not the cast to org.enhydra.security.avs.api.SecurityContext
in the bean code.
Is there a better (standard) way to transfer data to the bean
with each code? getCallerPrincipal().getName() is not enough for
our application as we need to do some additional security
checks on the ejb side.
I also thougt about coding all the information in the
Principal Name, but that is also not a very standard way I think.
Any help and hints are very welcome!
Thanks, Max
---
Dipl.-Ing. Maximilian Weißböck
i-online Software AG
Tel.: +43 2236 3080 3785
Handy: 0699 1888 3785
Fax: +43 2236 3080 24 3785
mailto:[EMAIL PROTECTED]
http://www.i-online.cc
SecurityContext.java
ContextData.java
