Announcement Announcement Module
No announcement yet.
Spring SecurityContext with EJB Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring SecurityContext with EJB

    I want to use Spring Security with EJB 3.1. It was told me that storing the SecurityContext with ThreadLocal doesn't work in clustered environments. What is the best way to hold a Spring SecurityContext in a clustered EJB environment?

    My idea:
    • replace the SecurityContextHolder with a stateful singleton EJB and hold the SecurityContext for each user in a HashMap
    • access the SecurityContext for a specific user through the securityContextHolderEJB.getContext("userX") method

    Another vague idea is to use JSR 299 Contexts to hold the SecurityContext, but I have no idea how to do it or even if it would work in principle. Any ideas?

    Would this work? Better ideas?