Discussions

EJB design: replace "weblogic.security.Security.getCurrentSubject()"

  1. In weblogic,we can use "weblogic.security.Security.getCurrentSubject()" method to get a javax.security.auth.Subject object,this object contains the security information of the current user that call this method."Security.getCurrentSubject()" is a static method and has no parameter,so it's easy for us to get the security information anywhere.

    But this API is provided by BEA weblogic,it's not a standard J2EE API,so it's hard for me to change the APP Server to others like WebSphere or Oracle IAS.

    Another way is use getUserPrincipal() of HttpRequest and getCallerPrincipal() of EJBContext,but these two methods need a reference to the HttpRequest object and EjbConext object,and is restrict use in Servlet and EJB,hard to use in normal java classes.

    I want to find a standard J2EE API to do the same thing,can anyone help me?Any suggestion is welcome.
  2. I am afraid that request.getUserPrincipal() and ejbContext.getCallerPrincipal() are your only standard-based options. There are no J2EE-standard static method that retrieve the caller princible.

    You might be able to mock something up using ThreadLocals, but I am not sure you could do this in a standard way either, given all the constraint in the EJB standard against thread manipulation.
  3. Dear sir I am facing same probs now i have subject in client side subject with principal but now i want get the same principal in sever side can pls tell me how to slove this prob using standard j2ee api now i have the sessionContext it giving the result as "nobody" can pls tell me how to slove this probs i am wating for REPLY