In custom security valve if i set an attribute in session. Later i 'm not able to get this attribute in portlet JSP page. It is always NULL. Application is deployed on Tomcat and already have set crossContext="true". Does the session get overridden somewhere?
Thanks On Wed, Mar 2, 2011 at 3:59 PM, anyz <[email protected]> wrote: > I think i got it...added the custom valve in default jetspeed pipeline that > is in the following bean: > > <bean id="jetspeed-pipeline"......../> > > It is added after <ref bean="loginValidationValve" /> in constructor > argument list. Now subject and everything is available.] > > Is this correct way to do things? > > > > > On Wed, Mar 2, 2011 at 3:37 PM, anyz <[email protected]> wrote: > >> I added custom valve in "login-pipeline" bean defined in pipelines.xml >> that is probably not right place to do. >> >> >> >> On Wed, Mar 2, 2011 at 3:10 PM, anyz <[email protected]> wrote: >> >>> I implemented my custom valve by extending AbstractSecurityValve. The >>> documentation says this valve "Authenticates the user or redirects to Login >>> if necessary, adds the authenticated Subject to the RequestContext." >>> However in the invoke() method as i try to get subject from request >>> context its always NULL. >>> >>> My understanding is this valve invokes login module to authenticate user >>> and once authentication done it sets teh subject in request context. I have >>> called the super.invoke(rc,vc) in my custom valve but subject is always >>> NULL. >>> >>> Could you please guide what am i missing? >>> >>> Thanks >>> >>> >>> >>> On Wed, Mar 2, 2011 at 4:17 AM, Woonsan Ko <[email protected]> wrote: >>> >>>> >>>> --- On Tue, 3/1/11, anyz <[email protected]> wrote: >>>> >>>> > From: anyz <[email protected]> >>>> > Subject: Storing Custom Object in Session on User Login >>>> > To: "Jetspeed Users List" <[email protected]> >>>> > Date: Tuesday, March 1, 2011, 6:49 AM >>>> > I need to set a custom class object >>>> > into session once user logged into >>>> > Jetspeed. This object will be accessed and used later by >>>> > portlets. After >>>> > searching into email list and forum i found two ways of >>>> > intercepting J2 >>>> > login process: >>>> > >>>> > 1- Custom Login Module >>>> > 2- Custom Security Valve and possibly Filter (not sure if >>>> > Filter works in >>>> > Jetspeed 2.2.1 or its for old version) >>>> > >>>> > I manged to plug my custom login module however i could not >>>> > find a way to >>>> > get session in login() method and set my custom class >>>> > object into session. >>>> > Is it possible to get HttpSession in custom login module? >>>> >>>> It is not possible to access HttpSession in a JAAS LoginModule. >>>> >>>> > >>>> > If i have write security valve, do i also need some sort of >>>> > Serverlt filter >>>> > where i can set custom object into session. >>>> >>>> You don't need a servlet filter if you use a custom security valve. >>>> Servlet filter such as PoralLoginFilter is enabled/used only for some >>>> environment like WAS instead of Jetspeed JAAS LoginModule. >>>> >>>> >>>> Woonsan >>>> >>>> > >>>> > >>>> > Thanks >>>> > >>>> >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>>> >>> >> >
