How to propagate spring security login to EJBs?

Posted by tangens on Stack Overflow See other posts from Stack Overflow or by tangens
Published on 2010-05-02T09:29:23Z Indexed on 2010/05/02 9:37 UTC
Read the original article Hit count: 425

Context

I have a J2EE application running on a JBoss 4.2.3 application server. The application is reachabe through a web interface. The authentication is done with basic authentication. Inside of the EJBs I ask the security context of the bean for the principal (the name of the logged in user) and do some authorization checks if this user is allowed to access this method of the EJB. The EJBs life inside a different ear than the servlets handling the web frontend, so I can't access the spring application context directly.

Required change

I want to switch to Spring Security for handling the user login.

Question

How can I propagate the spring login information to the JBoss security context so I can still use my EJBs without having to rewrite them?


Ideas and links

I already found a page talking about "Propagating Identity from Spring Security to the EJB Layer", but unfortunatelly it refers to an older version of Spring Security (Acegi) and I'm not familiar enough with Spring Security to make this work with the actual version (3.0.2).

© Stack Overflow or respective owner

Related posts about spring-security

Related posts about jboss