Re: Filter Init order
On Thu, Nov 13, 2008 at 10:35 AM, [EMAIL PROTECTED] wrote: Is there a guaranteed way to specify the order that filters get initialized? Running Tomcat 6.0.14 (on windows right now for testing) I have also used servlet 2.3 and 2.5 declarations in web.xml I have 5 filters defined. - 2 are custom - 3 are out of the box (SiteMesh, Struts2, Struts2Cleanup) I need for my 2 custom filters to init first and in a particular order. I have moved the order of their declaration around in web.xml with frustrating results. Struts2 filter always inits first (no matter what order its specified in web.xml) and then my custom filters seem to init in reverse order from what is specified in web.xml. Did you also rearranged their mapping configuration in web.xml? Thanks, Ken - This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- The dirtiest book of all is the expurgated book. Walt Whitman
Get Security subject from Tomcat
Hi, Is there is was I can get the authenticated User from inside my servlet/filter? IT seems none of the assumed ways work : getSession().getAttribute(Globals.SUBJECT_ATTR); Subject.getSubject(AccessController.getContext()); Please reply directly, I am not subscribed. -thanks, -arash -- The dirtiest book of all is the expurgated book. Walt Whitman
Re: Get Security subject from Tomcat
On Wed, Nov 12, 2008 at 4:06 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Arash Bizhan zadeh [mailto:[EMAIL PROTECTED] Subject: Get Security subject from Tomcat Is there is was I can get the authenticated User from inside my servlet/filter? Perhaps reading the Servlet spec or the APIs would help: http://java.sun.com/products/servlet/2.5/docs/servlet-2_5-mr2/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()http://java.sun.com/products/servlet/2.5/docs/servlet-2_5-mr2/javax/servlet/http/HttpServletRequest.html#getUserPrincipal%28%29 Sure it might help. Reading my mail would have helped too. I need the Subject not the principal. Please reply directly, I am not subscribed. Then I guess you won't see the response... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- The dirtiest book of all is the expurgated book. Walt Whitman
Re: Get Security subject from Tomcat
On Wed, Nov 12, 2008 at 5:34 PM, Christopher Schultz
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arash,
Arash Bizhan zadeh wrote:
Sure [reading the servlet API] might help. Reading my mail would have
helped too. I need the
Subject not the principal.
Ouch. You're gonna get the cold shoulder with that kind of snarkiness.
Your original message said authenticated user in the body.
A quick look through Tomcat's source code shows:
$ grep SUBJECT_ATTR `find java/ -name *.java`
java/org/apache/catalina/connector/Request.java:
session.getAttribute(Globals.SUBJECT_ATTR) == null) {
java/org/apache/catalina/connector/Request.java:
session.setAttribute(Globals.SUBJECT_ATTR, subject);
java/org/apache/catalina/security/SecurityUtil.java:
(Subject)session.getAttribute(Globals.SUBJECT_ATTR);
java/org/apache/catalina/security/SecurityUtil.java:
session.setAttribute(Globals.SUBJECT_ATTR, subject);
java/org/apache/catalina/session/StandardSession.java:
Globals.SUBJECT_ATTR
java/org/apache/catalina/Globals.java:public static final String
SUBJECT_ATTR =
Taking a quick look at these classes shows that this:
getSession().getAttribute(Globals.SUBJECT_ATTR);
Tomcat 5.5.26, returns null as subject. I have security constraints on
web.xml and developed a JAAS module to login, so I guess the subject is not
null.
Any suggestions?
should work. Of course, there's always a chance that the subject is
null. In most cases in the code, when the Subject is null, a new Subject
object is created with no arguments and thrown into the session under
the Globals.SUBJECT_ATTR key.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkbWgUACgkQ9CaO5/Lv0PB7ywCfWsw8lOmT2rg85wddJ+n3C6xL
PWsAn1KdKrcv+mErYjOjaNMAonGYE/yS
=nnOG
-END PGP SIGNATURE-
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
The dirtiest book of all is the expurgated book.
Walt Whitman
