0

I'm actually using log4j as a logger. The logger is used in all the application layers (controller, service, dao, etc). All the layers under the controller layer are also used by a non-JSF app.

When my JSF app is running, how can I get the logged user id in the logger when there is an exception, for instance, in the service layer? The logged-in user is actually stored in the JSF session.

Note : My question is probably related to How to get the name of the logged in user in JSF service in GlassFish which seems to conclude that it is not possible.

Community
  • 1
  • 1
ForguesR
  • 3,558
  • 1
  • 17
  • 39

1 Answers1

1

When using homegrown authentication with manually putting the logged-in user in the HTTP session, you'd really have to pass it along yourself as a method argument as the service layer is supposed to be unaware of any frontend specifics such as the HTTP session (i.e., it's forbidden to import/use anything from javax.faces.*, javax.servlet.*, javax.ws.*, etc in the service layer).

When using container managed authentication via j_security_check or request.login(), it's available by EJBContext#getCallerPrincipal(). The EJBContext is in turn just injectable via @Resource. Here's an usage example in a logging interceptor.

@Resource
private EJBContext ejbContext; // You can also inject SessionContext.

@AroundInvoke
public Object log(InvocationContext invocationContext) {
    String username = ejbContext.getCallerPrincipal().getName();
    // ...
}

Note that it's never null and defaults to "anonymous" when non-logged-in.

Additional advantage of container managed authentication is that you can put security restriction annotations like @RolesAllowed on service methods. How to use container managed authentication is in turn however a story apart. Start here: How to handle authentication/authorization with users in a database?

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555