2 Replies Latest reply on May 27, 2004 1:18 PM by a_wronski

    Propagate the user info to servlets

    a_wronski Newbie

      Hi!

      I've simple ejb/struts web servis. I use DatabaseServerLoginModule as login-module. Users enters their email/password through custom html form. Response goes to struts action (not to j_security_check). This action look like this:

      String email = (String) context.getFormProperty("email");
      String password = (String) context.getFormProperty("password");

      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      Principal principal = new SimplePrincipal(email);
      handler.setSecurityInfo(principal, password.toCharArray());
      LoginContext login = new LoginContext("jdn", handler);
      login.login();
      Subject subject = login.getSubject();

      SecurityAssociation.setPrincipal(user);
      SecurityAssociation.setCredential(userpassword.toCharArray());
      SecurityAssociation.setSubject(subject);


      After this I can access user's principal from any ejb [e.g sessionContext.getCallerPrincipal() ] but httpServletRequest.getUserPrincipal() always returns null!

      I've read jaas how-to and posts from this news group but I can't find any solution for this problem.

      I'll be very thankful for any help, tips becouse I've wasted whole three days on it without any success.

      Artur Wronski

        • 1. Re: Propagate the user info to servlets
          Scott Stark Master

          You have to use the web container security to get this information into the request as tomcat does not know anything about the jboss SecurityAssociation. Your only other option is move this logic into a custom tomcat authentictor or valve.

          • 2. Re: Propagate the user info to servlets
            a_wronski Newbie

            Hi Scott!

            Thanks for you help. I've wrote something like this:

            public class PrincipalValve extends ValveBase {
             public void invoke(Request req, Response res , ValveContext vctx) throws IOException, ServletException {
            
             HttpRequest httpReq = (HttpRequest)req;
             httpReq.setUserPrincipal( new SimplePrincipal("testPrincipal") );
             vctx.invokeNext( httpReq, res);
             }
            }


            This works greate but for full happiness I need one more method to work - httpServletRequest.isUserInRole(..). I thought about some wrapper but when I use javax.servlet.http.HttpServletRequestWrapper I get ClassCastException. Is it possible to do this in this way or sould I try something else?

            I'll be very thankfull for any suggestions.

            Artur Wronski