tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Fryer <apfr...@hotmail.com>
Subject Re: OpenEJB vs JBoss
Date Fri, 16 Mar 2012 00:34:34 GMT
It would be nice to have a SecurityService that allowed you to use the
Servlet api to enforce role based security and authorization when using
openejb in *embedded* mode inside a servlet container.  

The HttpServletRequest api gives you 
  isUserInRole() 
  getRemoteUser()

The ejb SessionContext provides
  getCallerPrincipal()
  isCallerInRole()


It would be nice if the ejb session context could use the related
HttpServletRequest api methods in its implementation in cases where openejb
is embedded in a servlet container.  From not thinking about this too much,
you might need to use a ServletFilter in conjunction with a
ServletSecurityService.  I did look at this a while ago but don't have much
time to dedicate to it and it works using TomEE so wasn't a show stopper,
just a nice to have.

--
View this message in context: http://openejb.979440.n4.nabble.com/ejb-from-ws-tp4470387p4476833.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Mime
View raw message