tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnieto <>
Subject Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Date Thu, 21 Jul 2011 10:01:04 GMT

I'm trying out what you've created, but there's one thing that seems to be

Couldn't find this one on any of the OpenEJB 3.1.4 release jars. Would this
be available with some other openejb jar that I haven't downloaded, or could
this be replaced with the DeploymentInfo object?

David Blevins-2 wrote:
> I had a look at the SpnegoHttpFilter source and it seems the primary thing
> they're doing is wrapping the HttpServletRequest with a
> SpnegoHttpServletRequest -- I'm guessing to alter the behavior of the
> getUserPrincipal() method.
> I did some digging into Tomcat on the various ways you can redirect and it
> looks like RequestDispatcher.forward() will preserve the original http
> request and response.  So setting up the SpnegoHttpFilter against a
> servlet (or another filter) that uses a RequestDispatcher.forward() to
> forward to the webservice should do the trick.
> That should get you the same service you would get in any other EE impl.
> I think it could be better.  Wrapping the servlet request and overriding
> that one method isn't going to get that totally unified "feel" as when you
> travel into EJB land which also has a getCallerPrincipal method as well as
> method based security via @RolesAllowed, the "wrap the servletrequest"
> trick isn't going to have any effect.
> I hacked you up a little Spnego security service for OpenEJB based on our
> Tomcat security service.  No reason to have OpenEJB setup to use the
> Tomcat security Realm APIs when Spnego doesn't use them.  Better to have
> OpenEJB just use the work the SpnegoFilter did.  Not tested but should
> work
> Primary thing is to make sure the SpnegoSecurityServiceFilter is run after
> the SpnegoFilter.  Then move this jar and the spnego jars into either the
> tomcat/lib/ dir or the tomcat/webapps/openejb/lib/ dir.
> Hope this helps!
> -David

View this message in context:
Sent from the OpenEJB User mailing list archive at

View raw message