JBoss Community Archive (Read Only)

PicketBox

Security Context Propagation

VM Propagation

This propagation type stores the user's security context in a ThreadLocal. At the start of every request made to your application, the following code must run:

PicketBoxSubject subject = // get authenticated subject
SecurityContext securityContext = new PicketBoxSecurityContext(subject);
SecurityContextPropagation.setContext(securityContext);

At the end of the request processing you must clean the propagation data:

SecurityContextPropagation.clear();

If your application has a web and an EJB layer, for example, you can use a Java EE Filter that executes the logic above before and after chain.doFilter.
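A filter of the kind described above, as an added example that is not part of the original PicketBox documentation. The cleanup sits in a finally block because servlet containers reuse pooled threads: if clear() is skipped when the chain throws, the next request served by that thread would inherit the previous user's security context. The PicketBox package names and the session attribute holding the subject are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Assumed package names; adjust to the PicketBox version in use.
import org.picketbox.core.PicketBoxSubject;
import org.picketbox.core.ctx.PicketBoxSecurityContext;
import org.picketbox.core.ctx.SecurityContext;
import org.picketbox.core.ctx.SecurityContextPropagation;

public class SecurityContextPropagationFilter implements Filter {

    // Hypothetical session attribute where the application's login code stored the subject.
    static final String SUBJECT_ATTRIBUTE = "authenticatedSubject";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Pooled threads are reused: drop anything a previous request left behind.
        SecurityContextPropagation.clear();
        try {
            HttpSession session = ((HttpServletRequest) request).getSession(false);
            Object subject = (session == null) ? null : session.getAttribute(SUBJECT_ATTRIBUTE);
            // Unauthenticated requests proceed with no propagated context at all.
            if (subject instanceof PicketBoxSubject) {
                SecurityContext securityContext = new PicketBoxSecurityContext((PicketBoxSubject) subject);
                SecurityContextPropagation.setContext(securityContext);
            }
            chain.doFilter(request, response);
        } finally {
            // Runs even if the chain throws, so the next request on this thread starts clean.
            SecurityContextPropagation.clear();
        }
    }

    @Override
    public void destroy() { }
}
```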

For applications using PicketBox HTTP, this is done automatically, so you can get the user's security context anywhere with the following code:

SecurityContext securityContext = SecurityContextPropagation.getContext();
PicketBoxSubject subject = securityContext.getSubject();

SecurityContext Usage

Besides the getSubject method, the SecurityContext interface provides a few more useful methods:

public interface SecurityContext {

    /**
     * Get the {@link PicketBoxSubject}
     *
     * @return
     */
    PicketBoxSubject getSubject();

    /**
     * <p>Returns the current {@link Principal}, if authenticated.</p>
     *
     * @return
     */
    Principal getPrincipal();

    /**
     * <p>Checks if the current user has the specified role.</p>
     *
     * @param role
     * @return
     */
    boolean hasRole(String role);
}
JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:16:27 UTC, last content change 2012-08-23 21:32:47 UTC.