Hello, in our app we use JSF & EJB 3.0 (EclipseLink 2.0). We need to use Oracle proxy authorization for every connection in our stateless session beans. For this we need to obtain the DB username to connect through the proxy. The DB username is constructed from the JSF authenticated username by a rule.

Here is an article on topic http://blogs.oracle.com/olaf/2010/04/using_oracle_proxy_authenticat.html

So when an authenticated user calls a JSF managed bean method, which in its turn calls some session bean method, his username must somehow be passed to the session bean.

Right now I have two not very good solutions:

- pass username as a parameter in every session bean method (not very neat but will work);
- the solution from the article above: to use session bean's class member variable to store username (not thread safe and potentially dangerous)

P.S. I've found a solution which uses thread local variables: _http://www.adam-bien.com/roller/abien/entry/how_to_pass_context_with

It works fine, but there is still an issue. I need to put the current username in every JSF session managed bean before every call to an EJB session bean because it must be in the same thread.

A: 

If your users are authenticated by the container, you can access the username in the ejb by using an injected instance of javax.ejb.SessionContext like this:

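import javax.annotation.Resource;
import javax.ejb.SessionContext;

// Field of the stateless session bean; the container injects the context.
@Resource
private SessionContext context;

// Name of the principal the container authenticated for the current call.
private String getCurrentUsername() {
    return context.getCallerPrincipal().getName();
}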

Edit: This works if the authentication is configured in web.xml via login-config and security-constraint elements. If you do the authentication yourself, you could use a ServletFilter and a HttpServletRequestWrapper that overrides getUserPrincipal, getRemoteUser and isUserInRole (tested in glassfish).

If you handle the authentication in a jsf bean then this probably would not work, since the ejb will already be initialized and injected. You could however also create a session scoped ejb that just holds the username and inject this bean into your stateless beans.

Jörn Horstmann
Thanks a lot, Jörn. Your solution seems to me very neat. P.S. Can you tell me when SessionContext will not contain the current web layer username?
Andrey
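
The filter and request wrapper mentioned in the answer's edit could look like the following. This is an added example, not code from the answer; the class name and the session attribute names `app.username` and `app.roles` are hypothetical and assume the application's own login code stores the authenticated username and a `Set` of role names there.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Exposes an application-managed login through the standard servlet security methods.
public class AppLoginFilter implements Filter {
    static final String USER_ATTR = "app.username";  // hypothetical, set by the app's login code
    static final String ROLES_ATTR = "app.roles";    // hypothetical, a Set of role names

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false);  // never create a session here
        Object user = session == null ? null : session.getAttribute(USER_ATTR);
        if (user instanceof String) {
            Object roles = session.getAttribute(ROLES_ATTR);
            Set<?> roleSet = roles instanceof Set ? (Set<?>) roles : Collections.emptySet();
            chain.doFilter(new AuthenticatedRequest(http, (String) user, roleSet), res);
        } else {
            chain.doFilter(req, res);  // unauthenticated: pass the request through unchanged
        }
    }

    // Identity is fixed at construction from server-side session state only,
    // never from request parameters or headers.
    static final class AuthenticatedRequest extends HttpServletRequestWrapper {
        private final String username;
        private final Set<?> roles;

        AuthenticatedRequest(HttpServletRequest request, String username, Set<?> roles) {
            super(request);
            this.username = username;
            this.roles = roles;
        }
        @Override public String getRemoteUser() { return username; }
        @Override public boolean isUserInRole(String role) { return roles.contains(role); }
        @Override public Principal getUserPrincipal() {
            return new Principal() {
                public String getName() { return username; }
            };
        }
    }
}
```

The wrapper changes what code handling the wrapped request sees. Whether `getCallerPrincipal()` in the EJB tier reflects it depends on the container (the answer reports testing on GlassFish), so verify it on the target server before deriving the proxy DB username from it.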