Hi, I'm getting hung up on something that's probably really simple to fix.
I have a Tomcat+LDAP configuration that is doing Authc and Authz for
me. All I have to do is look in the request header to see the user
principal and log the dude/dudette in.

So I'm using the built-in factory.authc filter on some of my paths that
need protecting.

Here's where I'm at: In the legacy code I have now, the user would have a
G_User.class ASO created on the Layout component (my own class to hold user
stuff).  I'd like to move that ASO creation closer to the code where the
user is deemed authenticated (i.e. outside of a particular component or
page). I feel like this is possible, I'm just missing something.

There's some user class creation stuff going on inside of the
FederatedAccounts test application UserRealm, but it's not setting an ASO.

Should I be setting the ASO in a custom Realm or ??

Also, I've added the code in my module for contributing to the
ApplicationStateManager for creating/retrieving a G_User.  However it
doesn't seem to be affecting anything.

Some assumptions for our case:
By the time the user gets to our T5 app, they have already been authc/authz
by the external SSO provider.

If the user has never logged in before (i.e.
UserDAO.getUser(username)==null) then we register the new guy
(UserDAO.registerNewUser(foo)) and then set his ASO to the newly created
one.  If his account was not null, then we set it as the ASO.



Thanks,

Dan
