tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Callender <abc_...@mac.com>
Subject Re: How to propagate security context from Jetty to OpenEJB?
Date Sat, 30 Jan 2010 09:46:52 GMT

Am I on the right track? Inspired by OpenEJBValve, I've extended Jetty's
SecurityHandler to do something similar...


import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;
import org.apache.openejb.util.OpenEjbVersion;
import org.mortbay.jetty.security.SecurityHandler;

import au.com.tenam.business.openejb.JettySecurityService;

public class OpenEJBSecurityHandler extends SecurityHandler {
	protected JettySecurityService securityService;

	@Override
	public void doStart() throws Exception {
		String info = getClass().getName() + "/" +
OpenEjbVersion.get().getVersion();
		System.out.println("Initing " + info);
		securityService = getSecurityService();
	}

	@Override
	public void handle(String target, HttpServletRequest request,
HttpServletResponse response, int dispatch)
			throws IOException, ServletException {
		Object oldState = null;
		if (securityService != null && request != null) {
			oldState = securityService.enterWebApp(getUserRealm(),
request.getUserPrincipal(), null);
		}

		try {
			super.handle(target, request, response, dispatch);
		}
		finally {
			if (securityService != null) {
				securityService.exitWebApp(oldState);
			}
		}
	}

	@SuppressWarnings("unchecked")
	private JettySecurityService getSecurityService() {
		SecurityService securityService =
SystemInstance.get().getComponent(SecurityService.class);
		if (securityService instanceof JettySecurityService) {
			return (JettySecurityService) securityService;
		}
		return null;
	}

}


It's not quite working - I'm getting NPE during super.handle(...) which is
probably a config issue (SessionIdManager shouldn't be null) that I'll take
to the Jetty lists - but is there anything more that the Jetty side should
do?
-- 
View this message in context: http://n4.nabble.com/How-to-propagate-security-context-from-Jetty-to-OpenEJB-tp1289042p1457324.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Mime
View raw message