I am starting an application that uses a REST api which makes calls to an EJB layer on JBoss Wildfly (RestEasy).
The REST services are inside a war which then calls the ejb layer. I know how to achieve BASIC or any custom form of authentication on REST with a RestEasy Interceptor that checks Headers etc. Basically like described here: http://howtodoinjava.com/2013/06/26/jax-rs-resteasy-basic-authentication-and-authorization-tutorial/
The problem now is - this is just a check on the REST facade. Inside the EJB layer I don't know the user that authenticated against the REST service.
To clear this - when using RMI and Remote EJB calls with authentication, the user name is stored in Session Context:
    import java.security.Principal;
    import javax.annotation.Resource;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;

    @Stateless
    public class LoginService {

        // Container-injected session context of the current EJB invocation
        @Resource
        private SessionContext sessionContext;

        public String getCurrentUser() {
            Principal principal = sessionContext.getCallerPrincipal();
            return principal.getName(); // I need this to be the username from REST auth
                                        // Currently it's anonymous
        }
    }
Is there a way to propagate the username in some standard way? E.g. putting a custom principal to SessionContext?
You can use the Subject's doAs method. See the JavaDocs here.
When making calls from the war to the EJB, do it with the authenticated subject's doAs method. This way the subject is propagated to the context of the ejb (e.g. @RolesAllowed will work fine). You can config the authentication in the web.xml as usual if you want.
To get the subject in the war, try this:

    Subject userSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
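A worked version of the answer's approach, added here as an example and not code from the question or the answer: a hypothetical JAX-RS resource in the war fetches the container Subject via the JACC lookup above and invokes the question's LoginService EJB inside Subject.doAs. It assumes the request was already authenticated by the container (web.xml security constraint), so the lookup returns a populated Subject; if it does not, the resource refuses the request instead of calling the EJB anonymously.

```java
import java.security.PrivilegedAction;
import javax.ejb.EJB;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

// Hypothetical resource living in the war; LoginService is the EJB from the
// question, injected by the container.
@Path("/whoami")
public class WhoAmIResource {

    @EJB
    private LoginService loginService;

    @GET
    @Produces("text/plain")
    public Response whoAmI() {
        Subject subject = currentSubject();
        if (subject == null) {
            // No container-authenticated subject on this request: stop here
            // rather than letting the EJB call run as anonymous.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // Run the EJB call inside doAs so that the caller principal seen by
        // sessionContext.getCallerPrincipal() is the authenticated REST user.
        String user = Subject.doAs(subject,
                (PrivilegedAction<String>) () -> loginService.getCurrentUser());
        return Response.ok(user).build();
    }

    // The JACC container subject, populated by the container after web.xml
    // authentication (the lookup from the answer). Null when unauthenticated
    // or when the lookup is not available in this deployment.
    private static Subject currentSubject() {
        try {
            return (Subject) PolicyContext.getContext(
                    "javax.security.auth.Subject.container");
        } catch (PolicyContextException e) {
            return null;
        }
    }
}
```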