I'm working on an application that uses EJB 3.0 and exposes its methods as web services.
SiteMinder is used to provide authentication. After successful login, the request header will contain the user's login id which can be read by
request.getHeader("sm_user");
This information is available at the WebService end point and can be read in a Servlet Filter also.
But how do I get this information in the EJB layer without explicitly passing it as a parameter? How can I get/set the credentials using a Principal object 开发者_JAVA百科with the help of an Interceptor?
Please provide your valuable inputs.
In EJB3.0 your web application and EJB runs in a different containers and EJBs cannot access any web container data. you will have to pass this information.
I think you need to install the Application Server Agent for SiteMinder on your application server so that the identity is propagated properly through the ctx.getCallerPrincipal().getName() call in your EJB.
精彩评论