On Mar 2, 2009, at 11:39 PM, Kaupo wrote:
Hi!
I have made a custom login module where I need to retrieve some user
data
from the HttpServletRequest. The following piece of code work well:
request = (HttpServletRequest)
PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
The problem is that it only works when I login from the website.
When I use BASIC authentication from a webservice then the request
is going
to be null!
(I think it's because I made my service out of a bean and configured
it in
the ejb container)
Is there a way for me to get a similar or a HttpServletRequest when
loging
in from my webservice?
I need to get the users/servers IP from where the call is made.
I'm pretty sure that the specs don't support what your login module is
doing, and that it only works due to some accidents of implementation
in geronimo. However, we ought to be able to make it work for ejb
webservices just as well as for servlets. I doubt it will be a big
change. I'm not sure we can get it fixed for 2.1.4.... we'll see.
Could you file a jira enhancement request?
The "official" way to do this is really to use JASPI and set up a
custom authentication method that replaces the BASIC auth and fishes
the info out of the request and provides it to the login service....
in this case presumably a login module. However JASPI is only
available in trunk and with the currently rapidly changing jetty 7
integration and we don't have the tck for it yet.
thanks
david jencks
Thanks in advance
-Kaupo
--
View this message in context:
http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22303812.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
