I implemented my custom valve by extending AbstractSecurityValve. The documentation says this valve "Authenticates the user or redirects to Login if necessary, adds the authenticated Subject to the RequestContext." However in the invoke() method as i try to get subject from request context its always NULL.
My understanding is this valve invokes login module to authenticate user and once authentication done it sets teh subject in request context. I have called the super.invoke(rc,vc) in my custom valve but subject is always NULL. Could you please guide what am i missing? Thanks On Wed, Mar 2, 2011 at 4:17 AM, Woonsan Ko <[email protected]> wrote: > > --- On Tue, 3/1/11, anyz <[email protected]> wrote: > > > From: anyz <[email protected]> > > Subject: Storing Custom Object in Session on User Login > > To: "Jetspeed Users List" <[email protected]> > > Date: Tuesday, March 1, 2011, 6:49 AM > > I need to set a custom class object > > into session once user logged into > > Jetspeed. This object will be accessed and used later by > > portlets. After > > searching into email list and forum i found two ways of > > intercepting J2 > > login process: > > > > 1- Custom Login Module > > 2- Custom Security Valve and possibly Filter (not sure if > > Filter works in > > Jetspeed 2.2.1 or its for old version) > > > > I manged to plug my custom login module however i could not > > find a way to > > get session in login() method and set my custom class > > object into session. > > Is it possible to get HttpSession in custom login module? > > It is not possible to access HttpSession in a JAAS LoginModule. > > > > > If i have write security valve, do i also need some sort of > > Serverlt filter > > where i can set custom object into session. > > You don't need a servlet filter if you use a custom security valve. > Servlet filter such as PoralLoginFilter is enabled/used only for some > environment like WAS instead of Jetspeed JAAS LoginModule. > > > Woonsan > > > > > > > Thanks > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
