On Mon, 18 Feb 2002, Mark R. Diggory wrote:
> Date: Mon, 18 Feb 2002 18:01:20 -0500
> From: Mark R. Diggory <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Realms and User Sessions.
>
> There are some objects I create inside my Custom Security Realm that I
> want to make available in the Users session. Is there a way I can get
> hold of the users session from within my custom realm class?
>
I assume you are talking about Tomcat 4, right?
If so, there is no way for the Realm itself to reference the user's
session -- all a Realm knows how to do is answer the "is this user
authorized" and "does this user have the right role" type questions.
If you want to modify the state of the current request or session, you
should really be looking at subclassing one of the existing Authenticator
classes, instead of trying to do that in the Realm. The Authenticator has
complete access to the current request, so you can get the session via:
HttpSession session =
((HttpRequest) request.getRequest()).getSession();
Don't forget to put the classes for the objects you might create into
common/lib so that they are visible to both Catalina and your webapp.
> -Mark Diggory
>
Craig
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
