Question

I want to implement auditing in my web project. Basically, my app is composed of a Web Project (WAR) that calls methods in an EJB Project (JAR); everything is wrapped inside an EAR which is deployed in a container (JBoss and probably WebSphere in the near future).

So, I have the user session on the web side and the entities and DAOs on the EJB side. I would like to implement an auditing procedure on some user transactions, so the data state should be persisted in the database together with the id of the user who performed the change.

I can easily pass the user id on every call to the EJB side and perform the auditing from within the business methods, but that would clutter my business and client methods.

I have looked into Hibernate Envers, which is a very interesting auditing framework, but it doesn't audit the user id out-of-the-box. So I looked further and found this post, which explains how to use a RevisionListener to get the user id from the session and store it in the database. However, it doesn't seem to work in an EAR architecture for the following reason: this RevisionListener uses FacesContext.getCurrentInstance() in order to obtain the user id from the session, so this implies that the RevisionListener should be on the Web side of the app, not on the EJB side...

Well, I hope I have made myself clear enough :)

Cheers!

Solution

If you already have stateless session beans which contain your business logic, the name of the authenticated user is already passed into your EJBs.

You could use sessionContext.getCallerPrincipal() to get the name of the calling user.

Requirements

  • The web app uses a login-config (defined in web.xml)
  • The JBoss web application uses a security-domain (jboss.xml); other application servers should have a similar pattern to implement login/authentication
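
The following is an added example, not part of the original answer: an Envers RevisionListener placed in the EJB JAR that records the container-authenticated caller instead of reading the web session. The class, table and column names are hypothetical, and it assumes a `javax.*` (Java EE) container where the standard JNDI name `java:comp/EJBContext` resolves during the audited business call.

```java
// --- AuditRevision.java (hypothetical name; each class goes in its own file) ---
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
import org.hibernate.envers.DefaultRevisionEntity;
import org.hibernate.envers.RevisionEntity;

// Revision row written by Envers for each audited transaction,
// extended with the name of the user who made the change.
@Entity
@Table(name = "AUDIT_REVISION")            // hypothetical table name
@RevisionEntity(CallerPrincipalRevisionListener.class)
public class AuditRevision extends DefaultRevisionEntity {
    @Column(name = "USERNAME", nullable = false, updatable = false)
    private String username;

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
}

// --- CallerPrincipalRevisionListener.java (hypothetical name) ---
import javax.ejb.EJBContext;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.hibernate.envers.RevisionListener;

// Lives on the EJB side: no FacesContext or HTTP session dependency.
public class CallerPrincipalRevisionListener implements RevisionListener {
    @Override
    public void newRevision(Object revisionEntity) {
        ((AuditRevision) revisionEntity).setUsername(resolveCaller());
    }

    private String resolveCaller() {
        try {
            // Same object a session bean receives via @Resource SessionContext.
            EJBContext ctx = (EJBContext) new InitialContext().lookup("java:comp/EJBContext");
            // The identity comes from the container's security domain,
            // not from a parameter the web tier could set to any value.
            return ctx.getCallerPrincipal().getName();
        } catch (NamingException | IllegalStateException e) {
            // Fail closed: roll back rather than store an unattributed change.
            throw new IllegalStateException("No caller identity available for audit revision", e);
        }
    }
}
```

If the login-config and security-domain listed above are missing, the container reports its unauthenticated principal, so the audit rows would carry that name rather than a real user.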
Licensed under: CC-BY-SA with attribution