This is my problem:
We are building a multi-tier J2EE application using Oracles iAs9 application server. The clients will be both servlets, jsp-pages and applets. The web-tier communicates with session EJB's on the application server using "light JavaBean mirrors of the EJBs" on the web-tier.
Each user is assigned a role when logging in to the system. This role (admin, registrator, guest etc.) is used in the EJB-container to restrict access to certain methods. The JavaBeans in the web-tier uses the role to look-up the EJB's in the appserver, thereby propagating the role to the EJB-container.
The problem is that we need to propagate the unique user identity to the EJB-container as well (for logging and row-based access to the database). How do we do this in a good maner? I suppose we could send the user-identity with every method invocation, but that seems stupid :/ Is there a way to put this information into some kind of context that each EJB within the session can use? Or, can this be accomplished by setting some kind of context when looking up the home interface of the first EJB?
Any ideas are welcome!
Best Regards /Anders
WM-data eSolutions AB
anent at wmdata dot com