> public class OpenEJBSecurityListener implements AsyncListener {
> + static final ThreadLocal<Request> requests = new ThreadLocal<Request>();
> +public class TomEEJAASRealm extends JAASRealm {
[...]
> + // so no need to clean twice here
> + if (OpenEJBSecurityListener.requests.get() != null) {
> + ss.enterWebApp(this, principal,
> OpenEJBSecurityListener.requests.get().getWrapper().getRunAs());
Slight style change to better encapsulate this thread local.
Let's move the ThreadLocal to be a non-static private field in TomEEJAASRealm,
then add 'enter(Request)' and 'exit()' methods to TomEEJAASRealm.
The OpenEJBSecurityListener would then check the realm impl to see if it was
TomEEJAASRealm and call the enter/exit methods instead of doing the thread
local management itself.
Slight tweak which makes it clearer who needs the ThreadLocal and also prevents
its use in places where we don't intent (and it actually wouldn't exist at all
unless you were using the JAASRealm which is not common).
Thoughts?
-David
