
  • User Authorization is a Message Driven POJO

    There must be a 'well defined' pattern for this; however, I failed to find it.

    I have a scenario where the authenticated user may initiate mail to thousands of addresses. Proper business rules based on the user's authorization are to be validated before the send. This usually happens like this:

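    Code:
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    boolean isInRoleX = false;
    for (GrantedAuthority a : auth.getAuthorities()) {
        // ROLE_X stands for the role this operation requires
        if ("ROLE_X".equals(a.getAuthority())) isInRoleX = true;
    }
    if (isInRoleX) {
        // Allow
    } else {
        // User does not have authority to proceed with this operation
    }
    The question is how to mimic the above code in response to a message in MyPojo.onMessage(), since there is no 'logged in' user.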

    If I do something like the following, is it 'safe'?

    In onMessage() or some other place:
    Code:
    SecurityContextHolder.getContext()
    				.setAuthentication(myToken); // myToken: placeholder for the Authentication to install

    Thanks.
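
An added example, not part of the original post: one way to populate the security context inside a message-driven POJO and always clear it afterwards, since the default SecurityContextHolder strategy is thread-local and listener threads are reused. It assumes Spring Security 3 or later, a queue that only trusted producers can write to, and a message that carries the sender's username; the `users` field, the `onMessage(String)` signature, `ROLE_X` and `sendMail` are illustrative assumptions.

```java
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

public class MyPojo {
    private final UserDetailsService users; // assumption: same user store the web tier uses

    public MyPojo(UserDetailsService users) { this.users = users; }

    // Assumed message shape: the payload is the username of the user who initiated the send.
    public void onMessage(String senderUsername) {
        // Re-load authorities on the consumer side instead of trusting roles carried in the message.
        UserDetails user = users.loadUserByUsername(senderUsername);
        Authentication token = new UsernamePasswordAuthenticationToken(
                user, null, user.getAuthorities());
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(token);
        SecurityContextHolder.setContext(context);
        try {
            if (!hasRole("ROLE_X")) {
                throw new AccessDeniedException(senderUsername + " may not send bulk mail");
            }
            sendMail(senderUsername);
        } finally {
            // Without this, the next message handled by this pooled thread inherits the identity.
            SecurityContextHolder.clearContext();
        }
    }

    static boolean hasRole(String role) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) return false;
        for (GrantedAuthority a : auth.getAuthorities()) {
            if (role.equals(a.getAuthority())) return true;
        }
        return false;
    }

    // Hypothetical hook for the actual mail dispatch.
    protected void sendMail(String senderUsername) { }
}
```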