Auditing in J2EE : How to pass the username from a remote client to the EJB container

Context:
I need to audit changes in my business entities, setting the username in a userLog field.

And I don't want to mix the auditing data and the business data.
I mean, I don't wan't to pass the user (or username) as a parameter of my business method just because it is needed for audit purpose.

Solution:
In this case, the simplest way is to pass this metadata during the JNDI lookup.
The EJB container will create a security context for my invocation with the received username.
Then, every EJB would obtain the principal (and thus, the username of the authenticated user in the remote client context) with a simple EJBContext.getCallerPrincipal().

Here is a simple example with JBoss:

In the client: Properties props = new Properties(); props.put(Context.PROVIDER_URL, "jnp://localhost:1099"); props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory"); props.put(Context.SECURITY_PRINCIPAL, principal.getName()); this.initialContext = new InitialContext(props); ... this.initialContext.lookup("ejb/MyService");
In my entity: @PrePersist protected void setUserLogAndDateLog() { try { InitialContext ic = new InitialContext(); SessionContext sctxLookup = (SessionContext) ic.lookup("java:comp/EJBContext"); Principal principal = sctxLookup.getCallerPrincipal(); if (principal==null) { throw new IllegalStateException("Principal is not set"); } this.setUserLog(principal.getName()); this.setDateLog(new Date()); } catch (NamingException ex) { throw new IllegalStateException(ex); } }
Restrictions:
In order to reduce the lookups to Stateless EJB, the lookup can be done only once and the proxy can be kept in a cache (having a Business Delegate as Singleton, for example).
If we want to pass the username with the JNDI invocation, we have to maintain an instance of the Business Delegate for user.