Calling a SLSB with Seam security from a servlet

Posted by wilth on Stack Overflow See other posts from Stack Overflow or by wilth
Published on 2010-06-06T10:26:52Z Indexed on 2010/06/06 17:22 UTC
Read the original article Hit count: 352

Filed under:

security

|

session

|

servlets

|

ejb3

|

seam

Hello,

I have an existing application written in SEAM that uses SEAM Security (http://docs.jboss.org/seam/2.1.1.GA/reference/en-US/html/security.html). In a stateless EJB, I might find something like this:

@In
Identity identity;

... 

if(identity.hasRole("admin"))
  throw new AuthException();

As far as I understand, Seam injects the Identity object from the SessionContext of the servlet that invokes the EJB (this happens "behind the scenes", since Seam doesn't really use servlets) and removes it after the call. Is this correct?

Is it now possible to access this EJB from another servlet (in this case, that servlet is the server side of a GWT application)? Do I have to "inject" the correct Identity instance? If I don't do anything, Seam injects an instance, but doesn't correctly correlate the sessions and instances of Identity (so the instances of Identity are shared between sessions and sometimes calls get new instances etc.).

Any help and pointers are very welcome - thanks!

Technology: EJB3, Seam 2.1.2. The servlets are actually the server-side of a GWT app, although I don't think this matters much. I'm using JBoss 5.

© Stack Overflow or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about session

any clue in these logs why keyboard audio and internet are messed up

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Jun 7 00:01:18 Isis lightdm: pam_unix(lightdm-autologin:session): session opened for user mimi by (uid=0) Jun 7 00:01:18 Isis lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0 Jun 7 00:01:26 Isis polkitd(authority=local): Registered Authentication Agent for… >>> More
session variables lost between pages or use same variables

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Yesterday I learn many thing from you, especially from Marc and my problem was solved ( session variables lost between pages or use same variables ). But now I continue asking: I don't want to use Session ID(session.use_trans_sid = 1) between pages. But also I don't want to use same session… >>> More
WTSQuerySessionInformation returning empty strings

as seen on Stack Overflow - Search for 'Stack Overflow'
I've written a program which should query the Terminal Services API and print out some state information about the sessions running on a terminal services box. I'm using the WTSQuerySessionInformation function to do this and it's returning some data but most of the data seems to be missing... Does… >>> More
Can I set Session timeout for a specified Session variable differently than other Session Variables

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to set the timeout on a specific Session Variable in a .Net web application, but leave other Session variables alone. Is this possible? Example: I have 5 Session Variables Session(var1) Session(var2) Session(var3) Session(var4) Session(var5) I want to set it so that Session(var1) through… >>> More
PHP upgrade to 5.3 from 5.2, sessions no longer get stored

as seen on Server Fault - Search for 'Server Fault'
background link: http://stackoverflow.com/questions/7014945/php-upgrade-5-2-to-5-3-session-issue I have upgraded PHP on my 2008 std server from PHP 5.2 to PHP 5.3. Following the upgrade, sessions no longer work correctly. I have copied over the settings from my PHP.ini files which are applicable… >>> More