|
Hi Paul, Initial thumb suck over here... create a context object that stores your authentication details and store it as a threadlocal... Just a quick question... Since you're using Spring have you looked at ACEGI at all? Security framework built for Spring, primarily focused on web apps... We're using it in a Swing app though... Offers domain object level protection, and all such other goodies... Cheers, Renier Paul wrote: Hi I authenticate users to my web application using JAAS. This results in the logged in username being available to Servlets and JSP's via request.getUserPrincipal().getName().I'm using Spring's AOP implementation to wrap calls to particular classes (using a Spring Method Inteceptor). My Spring AOP Method Inteceptor needs to discover which user is currently logged in. Since I don't have access to the HTTP request object I don't know how to retrieve the current user pincipal, and hence the username. The problem isn'nt the fact that I'm using AOP - the problem is that I need to get hold of the JAAS user principle within a POJO without having access to the HTTP request. Thanks for your time. Regards Paul |
- [CTJUG Forum] AOP / JAAS / Tomcat / JBoss Paul
- [CTJUG Forum] Re: AOP / JAAS / Tomcat / JBoss Renier Rhode
- [CTJUG Forum] Re: AOP / JAAS / Tomcat / JBoss Paul
