This week's book giveaway is in the Agile and Other Processes forum. We're giving away four copies of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java and have Dr. Raoul-Gabriel Urma & Richard Warburton on-line! See this thread for details.
You can always pass values using env-entries. That is one quick and dirty and solution.
Your app server creates a subclass of Principal (This is the object returned when you call getCallerPrincipal on EJB Context). You need to further subclas this and add the email as a instance variable. Then customize your app server security spi implementation so that your subclass is returned.
For instance in WebLogic, it is called SSPI (Basically a bunch of classes for authN, authZ or identity assertion (if using perimeter authentication) etc... For websphere it is User Registry or Trust Association Interceptor (TAI) (if using perimeter authentication) For Tomcat it is the Realm classes (I think.. cannot recall the exact name in Tomcat)
It's funny that you mention env entries - that's what we currently do and an Ant script changes this for each server that is deplyoed to. If we could remove this - by getting the LDAP server name from the app server - then we could almost (with a bit more tweeking) use the same ear for each server and not have to build\modify the ear for each server.
I am interested in this...
Originally posted by Srikanth Shenoy: Then customize your app server security spi implementation so that your subclass is returned
I have been hunting around to find out how you would do this with WebSphere but I'm not having much luck. If it's not too much to ask, can you possibly post a URL that explains how you would go about doing this in WebSphere?
It's a pleasure to see superheros taking such an interest in science. And this tiny ad: