tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <>
Subject Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Date Thu, 21 Jul 2011 10:34:21 GMT

On Jul 21, 2011, at 3:01 AM, rnieto wrote:

> Hi,
> I'm trying out what you've created, but there's one thing that seems to be
> missing:
> org.apache.openejb.BeanContext
> Couldn't find this one on any of the OpenEJB 3.1.4 release jars. Would this
> be available with some other openejb jar that I haven't downloaded, or could
> this be replaced with the DeploymentInfo object?

Oh, right, we renamed that in trunk :)  Yes, DeploymentInfo is the former name.


> David Blevins-2 wrote:
>> I had a look at the SpnegoHttpFilter source and it seems the primary thing
>> they're doing is wrapping the HttpServletRequest with a
>> SpnegoHttpServletRequest -- I'm guessing to alter the behavior of the
>> getUserPrincipal() method.
>> I did some digging into Tomcat on the various ways you can redirect and it
>> looks like RequestDispatcher.forward() will preserve the original http
>> request and response.  So setting up the SpnegoHttpFilter against a
>> servlet (or another filter) that uses a RequestDispatcher.forward() to
>> forward to the webservice should do the trick.
>> That should get you the same service you would get in any other EE impl.
>> I think it could be better.  Wrapping the servlet request and overriding
>> that one method isn't going to get that totally unified "feel" as when you
>> travel into EJB land which also has a getCallerPrincipal method as well as
>> method based security via @RolesAllowed, the "wrap the servletrequest"
>> trick isn't going to have any effect.
>> I hacked you up a little Spnego security service for OpenEJB based on our
>> Tomcat security service.  No reason to have OpenEJB setup to use the
>> Tomcat security Realm APIs when Spnego doesn't use them.  Better to have
>> OpenEJB just use the work the SpnegoFilter did.  Not tested but should
>> work
>> Primary thing is to make sure the SpnegoSecurityServiceFilter is run after
>> the SpnegoFilter.  Then move this jar and the spnego jars into either the
>> tomcat/lib/ dir or the tomcat/webapps/openejb/lib/ dir.
>> Hope this helps!
>> -David
> --
> View this message in context:
> Sent from the OpenEJB User mailing list archive at

View raw message