subject:"Re\: Custom Login Module HttpServletRequest access for webservice"

Re: Custom Login Module HttpServletRequest access for webservice

2009-03-05 Thread Kaupo




kevan wrote:
> 
> 
> On Mar 5, 2009, at 5:40 AM, Kaupo wrote:
> 
>> I'd love to file a jira enhancement request. But I've never done that
>> before, so when can I do it?
> 
> Thanks Kaupo.
> 
> Geronimo's Jira page is here --
> http://issues.apache.org/jira/browse/GERONIMO
> 
> You'll need a Jira account to create Jira's. Do this here --
> https://issues.apache.org/jira/secure/Signup!default.jspa
> 
> --kevan
> 
> 

Thanks Kevan!

Just created the new Issue: 
http://issues.apache.org/jira/browse/GERONIMO-4572
http://issues.apache.org/jira/browse/GERONIMO-4572 
Hope it's appropriate 

-Kaupo
-- 
View this message in context: 
http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22354239.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

Re: Custom Login Module HttpServletRequest access for webservice

2009-03-05 Thread Kevan Miller



On Mar 5, 2009, at 5:40 AM, Kaupo wrote:


I'd love to file a jira enhancement request. But I've never done that
before, so when can I do it?


Thanks Kaupo.

Geronimo's Jira page is here -- http://issues.apache.org/jira/browse/GERONIMO

You'll need a Jira account to create Jira's. Do this here -- 
https://issues.apache.org/jira/secure/Signup!default.jspa

--kevan

Re: Custom Login Module HttpServletRequest access for webservice

2009-03-05 Thread Kaupo




djencks wrote:
> 
> 
> I'm pretty sure that the specs don't support what your login module is  
> doing, and that it only works due to some accidents of implementation  
> in geronimo.  However, we ought to be able to make it work for ejb  
> webservices just as well as for servlets.  I doubt it will be a big  
> change.  I'm not sure we can get it fixed for 2.1.4 we'll see.   
> Could you file a jira enhancement request?
> 
> The "official" way to do this is really to use JASPI and set up a  
> custom authentication method that replaces the BASIC auth and fishes  
> the info out of the request and provides it to the login service  
> in this case presumably a login module.  However JASPI is only  
> available in trunk and with the currently rapidly changing jetty 7  
> integration and we don't have the tck for it yet.
> 
> thanks
> david jencks
> 

I'd love to file a jira enhancement request. But I've never done that
before, so when can I do it?
JASPI sounds interesting but unfortunately I don't have time to learn it -
the project deadline is approaching.

Thanks for the fast reply David!

-Kaupo
-- 
View this message in context: 
http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22349175.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

Re: Custom Login Module HttpServletRequest access for webservice

2009-03-03 Thread David Jencks

On Mar 2, 2009, at 11:39 PM, Kaupo wrote:

Hi!

I have made a custom login module where I need to retrieve some user
data

from the HttpServletRequest. The following piece of code work well:

request = (HttpServletRequest)
PolicyContext.getContext("javax.servlet.http.HttpServletRequest");

The problem is that it only works when I login from the website.
When I use BASIC authentication from a webservice then the request
is going

to be null!
(I think it's because I made my service out of a bean and configured
it in

the ejb container)

Is there a way for me to get a similar or a HttpServletRequest when
loging

in from my webservice?
I need to get the users/servers IP from where the call is made.

I'm pretty sure that the specs don't support what your login module is
doing, and that it only works due to some accidents of implementation
in geronimo. However, we ought to be able to make it work for ejb
webservices just as well as for servlets. I doubt it will be a big
change. I'm not sure we can get it fixed for 2.1.4 we'll see.
Could you file a jira enhancement request?

The "official" way to do this is really to use JASPI and set up a
custom authentication method that replaces the BASIC auth and fishes
the info out of the request and provides it to the login service
in this case presumably a login module. However JASPI is only
available in trunk and with the currently rapidly changing jetty 7
integration and we don't have the tck for it yet.

thanks
david jencks

Thanks in advance

-Kaupo

--
View this message in context:
http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22303812.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.

Re: Custom Login Module HttpServletRequest access for webservice

Re: Custom Login Module HttpServletRequest access for webservice

Re: Custom Login Module HttpServletRequest access for webservice

Re: Custom Login Module HttpServletRequest access for webservice

4 matches

Site Navigation

Mail list logo

Footer information