Hi Richard
What if I want to use RBAC (Role based access control)??
How can I send in the user's name if the user comes in as "orderer" into the
EJB based system and not as "mvc9" ?
Do I have to store the userId somewhere in the Servlet or the session bean?
What are others doing regarding this issue?? I am sure I am not the first
one to run into this.
Thanks
Madhu
-----Original Message-----
From: Richard Monson-Haefel [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 01, 2000 5:50 PM
To: [EMAIL PROTECTED]
Subject: Re: CMP Entities - logging changes to attributes?
Hi May,
If I understand you correctly you want to get the identity of the caller,
which
can be obtained using the EJBContext as follows:
public class MyBean implements EntityBean {
public int something;
public double somethingelse;
public long timestamp;
public String callerID;
public EntityContext ejbContext;
public void setEntityContext(EntityContext cntxt){
ejbContext = cntxt;
}
public void ejbStore( ){
Principal principal = ejbContext.getCallerPrincipal();
callerID = principal.getName();
timestamp = System.currentTimeMillis();
...
}
...
}
Of course, the Principal is not necessarily the same as the person running
the
application. It all depends on how you set up your security environment, but
if
you know your target environment and how Principal maps to authenticated
users,
then this should work fine.
Richard
May Charles N wrote:
> In our design we have specified a CMP attribute on each of our entity
beans
> which preserves the id and time of the last user to issue an update.
>
> What I would like to know is how to extract this information and where to
> set this particular attribute. I presume it should be set just before or
in
> ejbStore(). Extracting the time is trivial, using
> System.currentTimeMillis(). How can I determine the user's id? I presume
> this can't be done on the database end, because the database only knows
that
> the EJB container is posting changes, not the
> individual user. So how does one do it in the Bean class?
>
> (The views represented in this message are my own, and do not necessarily
> represent the views of my employer).
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
