All geek questions in one place

Spring Security with EJB

Since EJB authorization is too limited for my needs, I want to use Spring Security with EJB. For authentication, I also want to use Spring Security. The question is, can I use the Spring Security Context in EJB.

Scenario:

  • user contacts servlet
  • authentication through Spring Security
  • servlet interacts with EJB
  • EJB can communicate with other EJBs
  • security check using an EJB interceptor or directly in an EJB method

Will the security context typically contained in the local thread be propagated through the servlet layer and ejb so that I can use it for security checks?

+4
source share
2 answers

You can access the Spring Security context provided that remote calls are not involved, but you cannot directly use any of the Spring security features that require proxying the object.

You can use Spring beans at your servlet level (by delegating the same interfaces as EJB and delegate to them), and apply protection to them. It will also allow you to get away from EJB if you want to.

Another alternative would be to consider Spring Security AspectJ support, which should work with EJB.

+1
source

If you are working in a cluster or EJB on different servers, then each server (of course) will start its own thread, so protonation will not happen.

If all of them are on the same server, they can, but I think it depends on the provider, unless you use local rather than remote interfaces.

0
source

Source: https://habr.com/ru/post/1300899/

More articles:


All Articles