View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3820789#3820789


Some background:

We have a client that calls a method on a stateless session bean to act on other beans through local interfaces in a single (required) transaction.

We wrote a SecurityProxy that does instance-based per-method authorization, using our own fine-grained permissions which are set for the user in the database. This user does a JAAS login using Client and Database login modules, so in SecurityProxy invoke() we can get his Principal from the EJBContext and we can look up his permissions in the database based on the name of that Principal.

But we don't want to do this database permissions lookup on every method invocation, so we cache the set of permissions for that user in a ThreadLocal the first time our SecurityProxy does an invoke(), and we clear it out when the transaction finishes (based on a Synchronization).

My question:

Is it legitimate to assume we will have the same thread through multiple calls to local bean method invocations throughout one transaction? It seems to work, but are we just lucky?




_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
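
The caching scheme described in the post, as an added example that is not part of the original post and is not JBoss code: a plain-JDK sketch of a ThreadLocal permission cache that goes one step beyond the post by tagging each entry with the principal name, so an entry left on a pooled thread is never reused for a different caller. `PermissionCache`, `permissionsFor`, `clear` and the `loader` function are hypothetical names, and the permission strings are constructed sample data.

```java
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.Function;

// Hypothetical helper (Java 16+), not JBoss API: a per-thread permission cache
// that is only trusted when it was filled for the caller now on the thread.
public final class PermissionCache {
    private record Entry(String principal, Set<String> permissions) {}

    private static final ThreadLocal<Entry> CACHE = new ThreadLocal<>();

    // Returns the cached set only if it belongs to this principal name; otherwise
    // reloads, so a stale entry on a reused thread never authorizes another user.
    public static Set<String> permissionsFor(String principalName,
                                             Function<String, Set<String>> loader) {
        Entry e = CACHE.get();
        if (e == null || !e.principal().equals(principalName)) {
            e = new Entry(principalName, Set.copyOf(loader.apply(principalName)));
            CACHE.set(e);
        }
        return e.permissions();
    }

    // Intended to be called from Synchronization.afterCompletion(int),
    // which runs on both commit and rollback.
    public static void clear() {
        CACHE.remove();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data standing in for the database lookup.
        Function<String, Set<String>> db = name -> name.equals("alice")
                ? Set.of("order:read", "order:write")
                : Set.of("order:read");
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused thread
        try {
            // First call ends without clear(), as if afterCompletion never ran on this thread.
            System.out.println(pool.submit(() -> permissionsFor("alice", db)).get());
            // Same thread, different caller: the principal check forces a reload.
            System.out.println(pool.submit(() -> permissionsFor("bob", db)).get());
            pool.submit(PermissionCache::clear).get();
        } finally {
            pool.shutdown();
        }
    }
}
```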
