tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <>
Subject Re: How can i propagate security context from servlet layer to embedded openejb
Date Thu, 29 Dec 2011 08:43:09 GMT
i think a custom security service, maybe with the mecanism you describe, is

Note: we provide an arquillian adapter which allows you to test it in tomee
directly (look these tests for instance:
either in "tomee-embedded" or tomee-remote (a real tomee)

- Romain

2011/12/29 afryer <>

> I usually use container provided security, like a tomcat DataSourceRealm.
>  In
> my application i programatically log the user on using the new
> HttpServletRequest login method.  Lately I've started using openejb in
> embedded mode, particularly when testing.  I am testing frameworks like
> spring-test-mvc and ServletUnit where you can specify users and their roles
> when invoking test cases.
> I started wondering if a servlet filter could be created that would create
> a
> new openejb InitialContext(), combined with a SecurityService that held a
> reference to an HttpServletRequest so it could use the getUserPrincipal()
> and isUserInRole() methods of the HttpServletRequest object in the ejb
> context.  Maybe it could be called a ServletSecurityService or something,
> that could be used for testing.  Its not really jaas or jacc.  I'm not sure
> if there's another way to get the security context the same across servlets
> and ejbs without using container specific adapters.
> --
> View this message in context:
> Sent from the OpenEJB User mailing list archive at

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message