
Security context for CDI Events & EJB Observers


I have a JEE7 application running in Wildfly 10 (CDI 1.2). I want to add CDI Events with an @Asynchronous observer by using a stateless EJB.

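import static org.slf4j.LoggerFactory.getLogger;

import javax.ejb.Asynchronous;
import javax.ejb.Stateless;
import javax.enterprise.event.Observes;
import org.slf4j.Logger;

// ObjectMetadata is the application's own event payload class
@Stateless
public class SBean {
    // get a static slf4j logger for the class
    protected static final Logger logger = getLogger(SBean.class);

    /**
     * Listen for an incoming event.
     * @param metadata the event payload
     */
    @Asynchronous
    public void observeCommits(@Observes ObjectMetadata metadata){
        // determine which kind of object needs to be retrieved
        logger.info( "Saw a {} with id {}", metadata.getClazz().getName(), metadata.getId());
    }

}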

What SecurityContext will be set when the EJB Observer fires? I tried to look for documentation in the Weld docs, but that does not seem to be the correct place as it only discusses @Observer but does not discuss the Asynchronous EJB.

Will the same security context that was in place when the event was fired be present when the observer catches it? Is there any documentation anywhere that describes the specification for this?


Solution

  • The specifications which govern the behavior, in this case, are the following:

    1. CDI 1.2
    2. EJB 3.2

    From the CDI perspective, the invocation of the event observer is the same as the direct invocation of the method with corresponding parameters. From the EJB perspective, the EJB bean is made available for injection by the CDI, with all additional behavior mandated by the EJB spec.

    The EJB 3.2 spec directly answers the question:

    4.5.4 Security

    The caller security principal propagates with an asynchronous method invocation. Caller security principal propagation behaves exactly the same for asynchronous method invocations as it does for synchronous session bean invocations.
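
A way to check this propagation in your own deployment, as an added example that is not part of the original question or answer. The bean name `PrincipalProbe` and its `ProbeEvent` payload are hypothetical; the standard Java EE 7 `javax.*` APIs are assumed, and `fire()` is meant to be called from an authenticated entry point.

```java
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.ejb.Asynchronous;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.enterprise.event.Event;
import javax.enterprise.event.Observes;
import javax.inject.Inject;

// Hypothetical bean (not from the original post): fires an event and observes it
// asynchronously, recording the caller principal on both sides for comparison.
@Stateless
public class PrincipalProbe {
    private static final Logger LOG = Logger.getLogger(PrincipalProbe.class.getName());

    /** Hypothetical payload carrying the principal name seen when the event was fired. */
    public static class ProbeEvent {
        private final String firedBy;
        public ProbeEvent(String firedBy) { this.firedBy = firedBy; }
        public String getFiredBy() { return firedBy; }
    }

    @Resource
    private SessionContext ctx;

    @Inject
    private Event<ProbeEvent> events;

    /** Call from an authenticated entry point (servlet, JAX-RS resource, remote client). */
    public void fire() {
        String caller = ctx.getCallerPrincipal().getName();
        LOG.info("Firing as principal: " + caller);
        events.fire(new ProbeEvent(caller));
    }

    /** Public method on a no-interface view, so it is an EJB business method. */
    @Asynchronous
    public void observe(@Observes ProbeEvent event) {
        String observed = ctx.getCallerPrincipal().getName();
        if (observed.equals(event.getFiredBy())) {
            LOG.info("Observer ran as the firing principal: " + observed);
        } else {
            LOG.warning("Principal mismatch: fired by " + event.getFiredBy()
                    + ", observer ran as " + observed);
        }
    }
}
```

A mismatch warning in the server log means the observer did not run under the firing caller's identity in that deployment, which is worth investigating before any authorization decision is made inside the observer.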