[jboss-user] [EJB 3.0] - Entity Ownership check
fcorneli
do-not-reply at jboss.com
Mon Dec 18 11:41:11 EST 2006
@RolesAllowed allows one to check whether a caller principal has a certain role in a declarative way. Besides checking permissions on executed operations there is also something I call entity ownership checking. This is where you want to check whether the caller principal is allowed to update an Entity. For this I would like to use an Entity Listener since this is one of those cross-cutting concerns. But apparently it's not possible to inject the SessionContext into the listener, since it's not an EJB3 session bean I guess. Thus I'm using the SecurityAssociation.getPrincipal/getSubject to gain access to the caller principal and roles in order to perform the entity ownership checks. Is it OK to use the SecurityAssociation for this purpose?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3994730#3994730
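The listener approach described in the post, sketched as an added example that is not part of the original post or JBoss's own code. The `Owned` interface, `getOwnerName()` and `OwnershipListener` are hypothetical names, and the sketch assumes each entity stores its owner as the caller's principal name.

```java
import java.security.Principal;
import javax.persistence.PreRemove;
import javax.persistence.PreUpdate;
import org.jboss.security.SecurityAssociation;

/** Hypothetical contract: entities that record the login name of their owner. */
interface Owned {
    String getOwnerName();
}

/**
 * Entity listener that rejects updates and removals by anyone other than the
 * entity's owner. Attach it with @EntityListeners(OwnershipListener.class).
 */
public class OwnershipListener {

    @PreUpdate
    @PreRemove
    public void checkOwnership(Object entity) {
        if (!(entity instanceof Owned)) {
            return; // attached to an entity that has no owner: nothing to check
        }
        // No SessionContext is available in a listener, so the caller is read
        // from the JBoss thread-local security association instead.
        Principal caller = SecurityAssociation.getPrincipal();

        // Caveat: @PreUpdate sees the entity in its NEW state. If the owner
        // field can be changed by the same update, this check compares against
        // the value the caller just wrote. Map the owner column with
        // @Column(updatable = false) so it cannot be reassigned this way.
        String owner = ((Owned) entity).getOwnerName();

        // Fail closed: no authenticated caller or no recorded owner means deny.
        if (caller == null || owner == null || !owner.equals(caller.getName())) {
            // An unchecked exception thrown from a lifecycle callback marks
            // the current transaction for rollback.
            throw new SecurityException("caller is not the owner of this entity");
        }
    }
}
```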