getting the logged in user in JBoss

When developing EJB beans, there are ways to inject the current user to assure the logged in user is known. The same goes when developing a web application where the information is available through the HTTPServletRequest.

However when outside these, like when developing a JMX bean or when writing a webservice which requires authentication, there are no standard ways to get this information.

In JBoss however, this can be solved by accessing the SecurityAssociation class.

SecurityAssociation is the JBoss recommended make login and credentials (password) available when doing remote EJB access. Looking though the JBoss source it appears that this is used to store the credentials server side as well. So, you can always get the login details using
SecurityAssociation.getPrincipal().

Also interesting (but completely untested), is the pushRunAsIdentity() method which should allow (server-side only) switching run-as role without the need to call a EJB.

89 Comments

  1. Ketara says:

    Thanks for writing this.

Leave a Reply

Your email address will not be published. Required fields are marked *

question razz sad evil exclaim smile redface biggrin surprised eek confused cool lol mad twisted rolleyes wink idea arrow neutral cry mrgreen

*