0

I need a bean for inject @Ressource SessionContext ctx with JAAS. With the SessionContext can I check the user rights about ctx.isCallerInRole("ROLE");

But what is the right Bean declaration? @Statful? @Stateless? and @SessionScope? I need a instance for every User.

jklee
  • 2,198
  • 2
  • 15
  • 25

1 Answers1

1

With the SessionContext can I check the user rights about ctx.isCallerInRole("ROLE")?

Yes you can.

But what is the right Bean declaration? @Statful? @Stateless? and @SessionScope?

There is no @SessionScope for EJB. You can inject SessionContext both in @Statful/@Stateless bean. It depends on what you need. Usually User instance has to live as long as the session lives. EJB doesn't have session-scoped beans, so for that purpes it is often mixed with CDI (read more here CDI + EJB) or other session-scoped beans like Managed beans.

Community
  • 1
  • 1
Szarpul
  • 1,531
  • 11
  • 21
  • How do I guarantee that for each user the correct SessionContext is called up? – jklee Apr 24 '15 at 09:54
  • This is guaranteed by Java EE spec. For more information about sessions read about web server session management. This post might be of some help: http://stackoverflow.com/questions/10960131/authentication-authorization-and-session-management-in-traditional-web-apps-and – Szarpul Apr 24 '15 at 10:11
  • My problem was, a user have the SessionContext from a other user. But now I think, It was a Context problem with the CDI Producer. Thank you. – jklee Apr 28 '15 at 08:59