Screencast: Extending JavaEE Authorization With Custom Principal

With a few lines of code you can expose a custom principal and fetch entitlements from whatever store you like. External libraries become obsolete and your WAR stays leaner:

[See also an in-depth discussion in the "Real World Java EE Patterns--Rethinking Best Practices" book (Second Iteration, "Green Book"), page 161 (Sample "Principal Enricher") in, chapter "Re-Injector"]

See also other screencasts at: or subscribe to

See you at Java EE Workshops at MUC Airport, particularly at the Effective JavaEE workshop!

Web Apps, SPA, PWA with vanilla Java Script (ES 6+), CSS 3 and WebStandards only. As simple as possible, but not simpler. See you at: (Progressive) Web apps, Single Page Apps and WebStandards airhacks workshops at MUC airport, Winter Edition the podcast:

Stay in touch:


Shouldn't you use Instance<Principal> in your producer?

Posted by RS on September 05, 2013 at 11:03 AM CEST #

Is it OK to CustomRealm to be @Stateless, since the injected Principal is different for every user?

Posted by The Alchemist on August 05, 2015 at 02:16 AM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
Online Workshops
...the last 150 posts
...the last 10 comments