Search Results

Search found 3 results on 1 pages for 'wilth'.

Page 1/1 | 1 

  • Linking session state between servlets and EJBs?

    - by wilth
    Hello, I have servlets (in a web module) that access stateless EJB beans (in an EJB module). The EJB module is built using SEAM. Users can have different roles and the EJB services check this using Seam's Identity. I also use a customized Authenticator (although this might not be relevant here). I noticed problems with this approach and I'm suspecting that the session context in the servlets is not "linked" with the session context in the EJB beans. What I think happens is something like: User Joe access servlet A and is assigned Session W1. Servlet A calls a login function on an EJB, using the EJB session E1. Later, user Mary accesses servlet A and is assigned Session W2. When calling the EJBs, however, the EJB session E1 is used and therefore Mary is authenticated as Joe. What also happens is that when Joe is calling the servlet twice in rapid succession, the same session W1 is used, but two different sessions E1 and E2 in the business layer, causing errors. I might be wrong in my suspicion, but maybe I'm actually expecting these "sessions" to be linked together while they in fact are not. If this is true, is there any way of achieving this? I could - of course - use stateful beans and save the authentication information in the beans, but this would break the "Identity" concept of Seam (and in general, it would be preferable to be able to use the Session context in my EJB beans). Any help and pointers are very welcome - thanks! Technology: EJB3, Seam 2.1.2. The servlets are actually the server-side of a GWT app, although I don't think this matters much. I'm using JBoss 5.

    Read the article

  • Calling a SLSB with Seam security from a servlet

    - by wilth
    Hello, I have an existing application written in SEAM that uses SEAM Security (http://docs.jboss.org/seam/2.1.1.GA/reference/en-US/html/security.html). In a stateless EJB, I might find something like this: @In Identity identity; ... if(identity.hasRole("admin")) throw new AuthException(); As far as I understand, Seam injects the Identity object from the SessionContext of the servlet that invokes the EJB (this happens "behind the scenes", since Seam doesn't really use servlets) and removes it after the call. Is this correct? Is it now possible to access this EJB from another servlet (in this case, that servlet is the server side of a GWT application)? Do I have to "inject" the correct Identity instance? If I don't do anything, Seam injects an instance, but doesn't correctly correlate the sessions and instances of Identity (so the instances of Identity are shared between sessions and sometimes calls get new instances etc.). Any help and pointers are very welcome - thanks! Technology: EJB3, Seam 2.1.2. The servlets are actually the server-side of a GWT app, although I don't think this matters much. I'm using JBoss 5.

    Read the article

  • Interop: HmacSHA1 in Java and dotNet

    - by wilth
    Hello, In an app we are calculating a SHA1Hmac in java using the following: SecretKey key = new SecretKeySpec(secret, "HmacSHA1"); Mac m = Mac.getInstance("HmacSHA1"); m.init(secret); byte[] hmac = m.doFinal(data); And later, the hmac is verified in C# - on a SmartCard - using: HMACSHA1 hmacSha = new HMACSHA1(secret); hmacSha.Initialize(); byte[] hmac = hmacSha.ComputeHash(data); However, the result is not the same. Did I overlook something important? The inputs seem to be the same. Here some sample inputs: Data: 546573746461746131323341fa3c35 Key: 6d795472616e73616374696f6e536563726574 Result Java: 37dbde318b5e88acbd846775e38b08fe4d15dac6 Result C#: dd626b0be6ae78b09352a0e39f4d0e30bb3f8eb9 I wouldn't mind to implement my own hmacsha1 on both platforms, but using what already exists.... Thanks!

    Read the article

1