geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: retrieve custom principal from custom loginmodule in servlet
Date Fri, 05 Sep 2008 13:20:28 GMT

On Sep 5, 2008, at 8:54 AM, Marco Laponder wrote:

>
> Didn't quite succeed in this method. The getUserPrincipal always  
> return
> met a Principal of type org.apache.geronimo.jetty6.JAASJettyPrincipal.
> Solution which I now use is getting the subject of that object and
> looping over the principals in that subject to find my custom  
> principal.
> It works but I am not really impressed with the code ;-)

Sorry, I forgot about that principal.  I think in the jetty7-jaspi  
stuff I've been working with you could  define an authentication  
module where this would work.  Basically the problem is that half of  
the ee specs think that a user principal means something and half  
think that there's a Subject that means something and these points of  
view are basically (IMNSHO) incompatible.  JASPI at least lets you  
plug in something that will define the meaning of the user principal  
for yourself.

thanks
david jencks
>
>
> Kind regards,
> Marco
>
> -----Oorspronkelijk bericht-----
> Van: David Jencks [mailto:david_jencks@yahoo.com]
> Verzonden: woensdag 3 september 2008 19:07
> Aan: user@geronimo.apache.org
> Onderwerp: Re: retrieve custom principal from custom loginmodule in
> servlet
>
>
> On Sep 3, 2008, at 1:28 AM, Marco Laponder wrote:
>
>> Hi Everyone,
>>
>> I am trying to build a custom login module where custom principals  
>> are
>> added to the subject. The login works as expected and on the commit I
>> add my specific principal object to the subject.
>>
>> So far so good, but now I need to retrieve this object In my servlet
>> and
>> I was expecting to be able to retrieve it by
>> httpRequest.getUserPrincipal() but the principal returned is not an
>> instance of my custom principal. Can anyone given any tips how to  
>> find
>> out what I am doing incorrect or is this situation not possible at
>> all ?
>
> You don't say if your login configuration includes any other login
> modules.  Assuming that it does not....
>
> The specs don't describe how to pick the "UserPrincipal" from the
> possibly numerous principals in a logged-in Subject.  Geronimo uses
> this code snippet:
>
>         Set<? extends Principal> principals =
> subject.getPrincipals(GeronimoCallerPrincipal.class);
>         if (!principals.isEmpty()) {
>             context.principal = principals.iterator().next();
>         } else if (!(principals =
> subject.getPrincipals(PrimaryRealmPrincipal.class)).isEmpty()) {
>             context.principal = principals.iterator().next();
>         } else if (!(principals =
> subject.getPrincipals(RealmPrincipal.class)).isEmpty()) {
>             context.principal = principals.iterator().next();
>         } else if (!(principals =  
> subject.getPrincipals()).isEmpty()) {
>             context.principal = principals.iterator().next();
>         }
>
> So, the most reliable way to get your special principal returned as
> the UserPrincipal is to have it implement the marker interface
> GeronimoCallerPrincipal, and assure it is the only principal that
> implements that interface.
>
> Hope this helps
> david jencks
>
>>
>>
>>
>> Kind regards,
>> Marco Laponder
>>
>


Mime
View raw message