2 Replies Latest reply on May 27, 2004 1:18 PM by a_wronski

    Propagate the user info to servlets

    a_wronski

      Hi!

      I have a simple EJB/Struts web service. I use DatabaseServerLoginModule as the login-module. Users enter their email/password through a custom HTML form. The response goes to a Struts action (not to j_security_check). This action looks like this:

      String email = (String) context.getFormProperty("email");
      String password = (String) context.getFormProperty("password");

      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      Principal principal = new SimplePrincipal(email);
      handler.setSecurityInfo(principal, password.toCharArray());
      LoginContext login = new LoginContext("jdn", handler);
      login.login();
      Subject subject = login.getSubject();

      SecurityAssociation.setPrincipal(principal);
      SecurityAssociation.setCredential(password.toCharArray());
      SecurityAssociation.setSubject(subject);


      After this I can access the user's principal from any EJB [e.g. sessionContext.getCallerPrincipal()] but httpServletRequest.getUserPrincipal() always returns null!

      I've read the JAAS how-to and posts from this newsgroup but I can't find any solution for this problem.

      I'll be very thankful for any help or tips because I've wasted three whole days on it without any success.

      Artur Wronski

        • 1. Re: Propagate the user info to servlets
          starksm64

          You have to use the web container security to get this information into the request, as Tomcat does not know anything about the JBoss SecurityAssociation. Your only other option is to move this logic into a custom Tomcat authenticator or valve.

          • 2. Re: Propagate the user info to servlets
            a_wronski

            Hi Scott!

            Thanks for your help. I've written something like this:

            public class PrincipalValve extends ValveBase {
                public void invoke(Request req, Response res, ValveContext vctx) throws IOException, ServletException {
                    HttpRequest httpReq = (HttpRequest) req;
                    httpReq.setUserPrincipal(new SimplePrincipal("testPrincipal"));
                    vctx.invokeNext(httpReq, res);
                }
            }


            This works great, but for full happiness I need one more method to work - httpServletRequest.isUserInRole(..). I thought about some wrapper, but when I use javax.servlet.http.HttpServletRequestWrapper I get a ClassCastException. Is it possible to do it this way, or should I try something else?

            I'll be very thankful for any suggestions.

            Artur Wronski