Now portlet development contain lots of challenges...As i stated actually i want to set a custom class (say MySessionClass) into session. With security valve i have to have that class in jar file that contains custom security valve and placed in portal application jetspeed.
While getting this attribute from my portlet application i have that MySessionClass in portlet application classpath. Now casting the session attribute to this causes ClassCastException becuase two classes are loaded by JVM from differnt locations. One possible way could be to place the MySessionClass in soem common lib or application server (Tomcat) where both portal and portlet application can access it. But i wonder how people achieve this behaviour...ins'nt there some more simple way. On Thu, Mar 3, 2011 at 12:12 PM, anyz <[email protected]> wrote: > Thank you woonsan, it worked like a charm. > > > On Thu, Mar 3, 2011 at 4:36 AM, Woonsan Ko <[email protected]> wrote: > >> In your custom valve, you may have set an attribute in an http session of >> the portal application. >> Now, you're trying to get the attribute in an http session of a portlet >> application. Http sessions are not shared between web applications. >> So, you can try this from your portlet code with Jetspeed API to get >> accesses to the portal session attributes: >> >> import org.apache.jetspeed.request.RequestContext; >> >> RequestContext rc = (RequestContext) >> portletRequest.getAttribute(RequestContext.REQUEST_PORTALENV); >> Object attr = rc.getSessionAttribute("some-attribute-name"); >> >> >> Woonsan >> >> --- On Wed, 3/2/11, anyz <[email protected]> wrote: >> >> > From: anyz <[email protected]> >> > Subject: Re: Storing Custom Object in Session on User Login >> > To: "Jetspeed Users List" <[email protected]> >> > Date: Wednesday, March 2, 2011, 2:59 PM >> > I used to get session in valve as >> > requestContext.getRequest().getSession() >> > and then set attribute in session. However i am not able to >> > get this >> > attribute in portlet JSP page from HttpSession or >> > PortletSession. This seems >> > to be same problem as given in another thread at >> > http://permalink.gmane.org/gmane.comp.jakarta.jetspeed.user/23626 >> > >> > Probably if i could set the attribute in portletsession and >> > with >> > APPLICATION_SCOPE that may be available. But its not >> > possibel to get portlet >> > session in valve. >> > >> > >> > >> > >> > >> > On Wed, Mar 2, 2011 at 5:54 PM, anyz <[email protected]> >> > wrote: >> > >> > > In custom security valve if i set an attribute in >> > session. Later i 'm not >> > > able to get this attribute in portlet JSP page. It is >> > always >> > > NULL. Application is deployed on Tomcat and already >> > have set >> > > crossContext="true". Does the session get overridden >> > somewhere? >> > > >> > > Thanks >> > > >> > > On Wed, Mar 2, 2011 at 3:59 PM, anyz >> > <[email protected]> >> > wrote: >> > > >> > >> I think i got it...added the custom valve in >> > default jetspeed pipeline >> > >> that is in the following bean: >> > >> >> > >> <bean id="jetspeed-pipeline"......../> >> > >> >> > >> It is added after <ref >> > bean="loginValidationValve" /> in constructor >> > >> argument list. Now subject and everything is >> > available.] >> > >> >> > >> Is this correct way to do things? >> > >> >> > >> >> > >> >> > >> >> > >> On Wed, Mar 2, 2011 at 3:37 PM, anyz <[email protected]> >> > wrote: >> > >> >> > >>> I added custom valve in "login-pipeline" bean >> > defined in pipelines.xml >> > >>> that is probably not right place to do. >> > >>> >> > >>> >> > >>> >> > >>> On Wed, Mar 2, 2011 at 3:10 PM, anyz <[email protected]> >> > wrote: >> > >>> >> > >>>> I implemented my custom valve by extending >> > AbstractSecurityValve. The >> > >>>> documentation says this valve >> > "Authenticates the user or redirects to Login >> > >>>> if necessary, adds the authenticated >> > Subject to the RequestContext." >> > >>>> However in the invoke() method as i try to >> > get subject from request >> > >>>> context its always NULL. >> > >>>> >> > >>>> My understanding is this valve invokes >> > login module to authenticate user >> > >>>> and once authentication done it sets teh >> > subject in request context. I have >> > >>>> called the super.invoke(rc,vc) in my >> > custom valve but subject is always >> > >>>> NULL. >> > >>>> >> > >>>> Could you please guide what am i missing? >> > >>>> >> > >>>> Thanks >> > >>>> >> > >>>> >> > >>>> >> > >>>> On Wed, Mar 2, 2011 at 4:17 AM, Woonsan Ko >> > <[email protected]> >> > wrote: >> > >>>> >> > >>>>> >> > >>>>> --- On Tue, 3/1/11, anyz <[email protected]> >> > wrote: >> > >>>>> >> > >>>>> > From: anyz <[email protected]> >> > >>>>> > Subject: Storing Custom Object in >> > Session on User Login >> > >>>>> > To: "Jetspeed Users List" <[email protected]> >> > >>>>> > Date: Tuesday, March 1, 2011, >> > 6:49 AM >> > >>>>> > I need to set a custom class >> > object >> > >>>>> > into session once user logged >> > into >> > >>>>> > Jetspeed. This object will be >> > accessed and used later by >> > >>>>> > portlets. After >> > >>>>> > searching into email list and >> > forum i found two ways of >> > >>>>> > intercepting J2 >> > >>>>> > login process: >> > >>>>> > >> > >>>>> > 1- Custom Login Module >> > >>>>> > 2- Custom Security Valve and >> > possibly Filter (not sure if >> > >>>>> > Filter works in >> > >>>>> > Jetspeed 2.2.1 or its for old >> > version) >> > >>>>> > >> > >>>>> > I manged to plug my custom login >> > module however i could not >> > >>>>> > find a way to >> > >>>>> > get session in login() method and >> > set my custom class >> > >>>>> > object into session. >> > >>>>> > Is it possible to get HttpSession >> > in custom login module? >> > >>>>> >> > >>>>> It is not possible to access >> > HttpSession in a JAAS LoginModule. >> > >>>>> >> > >>>>> > >> > >>>>> > If i have write security valve, >> > do i also need some sort of >> > >>>>> > Serverlt filter >> > >>>>> > where i can set custom object >> > into session. >> > >>>>> >> > >>>>> You don't need a servlet filter if you >> > use a custom security valve. >> > >>>>> Servlet filter such as >> > PoralLoginFilter is enabled/used only for some >> > >>>>> environment like WAS instead of >> > Jetspeed JAAS LoginModule. >> > >>>>> >> > >>>>> >> > >>>>> Woonsan >> > >>>>> >> > >>>>> > >> > >>>>> > >> > >>>>> > Thanks >> > >>>>> > >> > >>>>> >> > >>>>> >> > >>>>> >> > >>>>> >> > >>>>> >> > --------------------------------------------------------------------- >> > >>>>> To unsubscribe, e-mail: >> [email protected] >> > >>>>> For additional commands, e-mail: >> [email protected] >> > >>>>> >> > >>>>> >> > >>>> >> > >>> >> > >> >> > > >> > >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >
