Java EE 8 By Example

SecurityContext

In Java EE 7 and earlier versions, other specifications, such as Servlet, EJB, JAX-RS, JAX-WS, etc., each have their own specific APIs to query the current security context.

  • Servlet - HttpServletRequest#getUserPrincipal, HttpServletRequest#isUserInRole

  • EJB - EJBContext#getCallerPrincipal, EJBContext#isCallerInRole

  • JAX-WS - WebServiceContext#getUserPrincipal, WebServiceContext#isUserInRole

  • JAX-RS - SecurityContext#getUserPrincipal, SecurityContext#isUserInRole

  • JSF - ExternalContext#getUserPrincipal, ExternalContext#isUserInRole

  • CDI - @Inject Principal

  • WebSockets - Session#getUserPrincipal

In Java EE 8, you can use the new SecurityContext introduced in Java EE Security 1.0 instead.

A default implementation should be available at runtime, and you can inject it into CDI beans.

@Inject SecurityContext securityContext;

The new SecurityContext provides methods similar to those in the other specifications.

Principal getCallerPrincipal();
<T extends Principal> Set<T> getPrincipalsByType(Class<T> pType);
boolean isCallerInRole(String role);

The new SecurityContext allows you to create your own Principal instead of the default one; getPrincipalsByType can be used to fetch it.

Besides these methods, it also provides:

  • boolean hasAccessToWebResource(String resource, String... methods), which checks whether the caller has permission to access the given web resource.

  • AuthenticationStatus authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters), which performs a manual authentication flow.
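
The methods above used together in one servlet, as an added example that is not taken from the book's sample code. The servlet path, the /reports resource, the "admin" role and the form parameter names are assumptions, and it assumes an HttpAuthenticationMechanism is configured that validates the credential passed through AuthenticationParameters.

```java
import java.io.IOException;
import java.security.Principal;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; "/account", "/reports" and the "admin" role are assumptions.
@WebServlet("/account")
public class AccountServlet extends HttpServlet {
    @Inject
    private SecurityContext securityContext;

    // Manual authentication flow: act only on an explicit SUCCESS.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String name = req.getParameter("username");
        String password = req.getParameter("password");
        if (name == null || password == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        AuthenticationStatus status = securityContext.authenticate(req, resp,
                AuthenticationParameters.withParams()
                        .credential(new UsernamePasswordCredential(name, password)));
        if (status == AuthenticationStatus.SUCCESS) {
            resp.sendRedirect(req.getContextPath() + "/account");
        } else if (status != AuthenticationStatus.SEND_CONTINUE && !resp.isCommitted()) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); // deny by default
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Principal caller = securityContext.getCallerPrincipal(); // null when unauthenticated
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.setContentType("text/plain"); // plain text, so the name is not rendered as markup
        resp.getWriter().printf("caller=%s admin=%b reports=%b%n", caller.getName(),
                securityContext.isCallerInRole("admin"),
                securityContext.hasAccessToWebResource("/reports", "GET"));
    }
}
```

Treating every status other than SUCCESS and SEND_CONTINUE as a failure keeps the login path closed if the mechanism returns NOT_DONE or SEND_FAILURE.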

Last updated 4 years ago

Grab the source codes from my GitHub account, and have a try.