tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dojolava <>
Subject Re: EJB Design / Architecture
Date Mon, 06 Apr 2009 11:03:24 GMT
Hi Ivan,

thank you. Yes, I thought the same. I havent had a look at Spring Security,
I thought this is too much for what I need.

The main problem really might be that due to the fact that OpenEJB does not
return the UserPrincipal on getCallerPrincipal(), it is not possible to
determine the callers identity...
so you might be right about the need of another container or even a whole
application server like glassfish or jboss.

Or would Geronimo handle this correctly, is it a bug in OpenEJB after all?


On Sat, Apr 4, 2009 at 12:02 PM, <> wrote:

> Hi!
> First of all, I would definitely go with your second alternative with
> multiple session beans, each one responsible for a specific service.
> Have you had a look at Spring Security?
> If you want to create your own security solution, the EJB 3 specifications
> does not, to the best of my knowledge, contain anything on programmatic
> login - that is, how to programmatically set a user principal (something I
> suspect you will have to do). To find information on such things you have to
> go outside of the EJB container, for instance to Glassfish.
> For an example, see the section on Programmatic Login in chapter 5 of the
> Sun Application Server 9.1 Developer's Guide.
> Best wishes!
>  Ivan A Krizsan

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message