Feb 11th, 2010, 05:23 AM
Spring SecurityContext with EJB
I want to use Spring Security with EJB 3.1. It was told me that storing the SecurityContext with ThreadLocal doesn't work in clustered environments. What is the best way to hold a Spring SecurityContext in a clustered EJB environment?
- replace the SecurityContextHolder with a stateful singleton EJB and hold the SecurityContext for each user in a HashMap
- access the SecurityContext for a specific user through the securityContextHolderEJB.getContext("userX") method
Another vague idea is to use JSR 299 Contexts to hold the SecurityContext, but I have no idea how to do it or even if it would work in principle. Any ideas?
Would this work? Better ideas?
Tags for this Thread