How to authorize a user using EJB interceptors?


We are planning to use EJBs for our service layer. We have HTTP clients and EJB clients.

We want to authorise a user action based on his roles. There are two kinds of users, admins and non-admins.

We configured a realm in the server and in the web tier the SecurityContext is populated by the server.

We basically want to write an interceptor and add it on the service methods. Whenever an EJB method is called, irrespective of which client layer the method is called from, the interceptor should be able to get the user name/id so that it can check for authorization.

Can anyone help me solve this?
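
The interceptor described in the question, as an added example that is not part of the original post: an `@AroundInvoke` interceptor reads the caller from the injected `EJBContext` and rejects the call before the business method runs. The names `RequiresRole`, `AuthorizationInterceptor`, `AccountService` and the role `admin` are hypothetical, and the `javax.*` packages are assumed (on Jakarta EE 9 and later they are `jakarta.*`).

```java
// Added example. RequiresRole, AuthorizationInterceptor, AccountService and the
// role name "admin" are hypothetical. Each type goes in its own source file.
import java.lang.annotation.*;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.*;
import javax.interceptor.*;

// --- RequiresRole.java: role the caller must hold to invoke the method ---
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface RequiresRole { String value(); }

// --- AuthorizationInterceptor.java ---
public class AuthorizationInterceptor {
    // The container injects the context of the intercepted bean. It carries the
    // authenticated caller whether the call arrived through the web tier or
    // from a remote EJB client that logged in against the realm.
    @Resource
    private EJBContext ejbContext;

    @AroundInvoke
    public Object authorize(InvocationContext ic) throws Exception {
        RequiresRole required = ic.getMethod().getAnnotation(RequiresRole.class);
        if (required != null) {
            // Never null: unauthenticated callers get the container's anonymous principal.
            String caller = ejbContext.getCallerPrincipal().getName();
            if (!ejbContext.isCallerInRole(required.value())) {
                // Fail closed: throw before proceed() so the business method never runs.
                throw new EJBAccessException("User " + caller + " lacks role "
                        + required.value() + " for " + ic.getMethod().getName());
            }
        }
        return ic.proceed(); // methods without @RequiresRole stay open to any caller
    }
}

// --- AccountService.java ---
@Stateless
@DeclareRoles({"admin"}) // roles checked with isCallerInRole must be declared on the bean
@Interceptors(AuthorizationInterceptor.class)
public class AccountService {
    @RequiresRole("admin")
    public void deleteAccount(long accountId) { /* admin-only work */ }

    public String describeAccount(long accountId) { return "account " + accountId; }
}
```

When the rule is a fixed role per method, the container's declarative `@RolesAllowed` annotation performs the same check without a custom interceptor.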
