-
1. Re: Access to HttpServletRequest in custom LoginModule
cmoesel Jul 15, 2004 8:40 AM (in response to cmoesel)Does the lack of replies mean this is not possible (something I don't understand about the JAAS spec), or that no one knows how to do it? Just wondering if this is worth pursuing.
-
2. Re: Access to HttpServletRequest in custom LoginModule
phantom Jul 15, 2004 8:48 AM (in response to cmoesel)I think it will be greate to add a new callbackhandler which can save parameters from request.
But in your case I can advise you to use filters to implement logic whcih you want. -
3. Re: Access to HttpServletRequest in custom LoginModule
cmoesel Jul 15, 2004 10:21 AM (in response to cmoesel)Will/Can the filters push the authentication down to the EJB level though? I need to be able to access the user principal and roles in the EJB tier as well. The Yale CAS actually works by default with servlet filters, so that would be great-- if I can figure out how to get the authentication to be recognized in the EJBs as well.
-
4. Re: Access to HttpServletRequest in custom LoginModule
ceasaros Jul 15, 2004 10:49 AM (in response to cmoesel)In a javax.servlet.Filter you can acces the authenticated/authorizated Principal where you can add your own values to the Principal. The Principal will travel to the ejb context where you can retrieve the values you put in the Principal. For this you probably need to define your own Principal.