geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Custom Login Module HttpServletRequest access for webservice
Date Tue, 03 Mar 2009 17:15:45 GMT

On Mar 2, 2009, at 11:39 PM, Kaupo wrote:

> Hi!
> I have made a custom login module where I need to retrieve some user  
> data
> from the HttpServletRequest. The following piece of code work well:
> request = (HttpServletRequest)
> PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
> The problem is that it only works when I login from the website.
> When I use BASIC authentication from a webservice then the request  
> is going
> to be null!
> (I think it's because I made my service out of a bean and configured  
> it in
> the ejb container)
> Is there a way for me to get a similar or a HttpServletRequest when  
> loging
> in from my webservice?
> I need to get the users/servers IP from where the call is made.

I'm pretty sure that the specs don't support what your login module is  
doing, and that it only works due to some accidents of implementation  
in geronimo.  However, we ought to be able to make it work for ejb  
webservices just as well as for servlets.  I doubt it will be a big  
change.  I'm not sure we can get it fixed for 2.1.4.... we'll see.   
Could you file a jira enhancement request?

The "official" way to do this is really to use JASPI and set up a  
custom authentication method that replaces the BASIC auth and fishes  
the info out of the request and provides it to the login service....  
in this case presumably a login module.  However JASPI is only  
available in trunk and with the currently rapidly changing jetty 7  
integration and we don't have the tck for it yet.

david jencks

> Thanks in advance
> -Kaupo
> -- 
> View this message in context:
> Sent from the Apache Geronimo - Users mailing list archive at  

View raw message