--- On Wed, 3/2/11, anyz <[email protected]> wrote: > From: anyz <[email protected]> > Subject: Re: Storing Custom Object in Session on User Login > To: "Jetspeed Users List" <[email protected]> > Date: Wednesday, March 2, 2011, 11:59 AM > I think i got it...added the custom > valve in default jetspeed pipeline that > is in the following bean: > > <bean id="jetspeed-pipeline"......../> > > It is added after <ref bean="loginValidationValve" /> > in constructor > argument list. Now subject and everything is available.] > > Is this correct way to do things?
Sounds reasonable because your custom valve seems to be responsible to set some session attribute(s) only for valid authenticated users. -Woonsan > > > > > On Wed, Mar 2, 2011 at 3:37 PM, anyz <[email protected]> > wrote: > > > I added custom valve in "login-pipeline" bean defined > in pipelines.xml that > > is probably not right place to do. > > > > > > > > On Wed, Mar 2, 2011 at 3:10 PM, anyz <[email protected]> > wrote: > > > >> I implemented my custom valve by extending > AbstractSecurityValve. The > >> documentation says this valve "Authenticates the > user or redirects to Login > >> if necessary, adds the authenticated Subject to > the RequestContext." > >> However in the invoke() method as i try to get > subject from request > >> context its always NULL. > >> > >> My understanding is this valve invokes login > module to authenticate user > >> and once authentication done it sets teh subject > in request context. I have > >> called the super.invoke(rc,vc) in my custom valve > but subject is always > >> NULL. > >> > >> Could you please guide what am i missing? > >> > >> Thanks > >> > >> > >> > >> On Wed, Mar 2, 2011 at 4:17 AM, Woonsan Ko <[email protected]> > wrote: > >> > >>> > >>> --- On Tue, 3/1/11, anyz <[email protected]> > wrote: > >>> > >>> > From: anyz <[email protected]> > >>> > Subject: Storing Custom Object in Session > on User Login > >>> > To: "Jetspeed Users List" <[email protected]> > >>> > Date: Tuesday, March 1, 2011, 6:49 AM > >>> > I need to set a custom class object > >>> > into session once user logged into > >>> > Jetspeed. This object will be accessed > and used later by > >>> > portlets. After > >>> > searching into email list and forum i > found two ways of > >>> > intercepting J2 > >>> > login process: > >>> > > >>> > 1- Custom Login Module > >>> > 2- Custom Security Valve and possibly > Filter (not sure if > >>> > Filter works in > >>> > Jetspeed 2.2.1 or its for old version) > >>> > > >>> > I manged to plug my custom login module > however i could not > >>> > find a way to > >>> > get session in login() method and set my > custom class > >>> > object into session. > >>> > Is it possible to get HttpSession in > custom login module? > >>> > >>> It is not possible to access HttpSession in a > JAAS LoginModule. > >>> > >>> > > >>> > If i have write security valve, do i also > need some sort of > >>> > Serverlt filter > >>> > where i can set custom object into > session. > >>> > >>> You don't need a servlet filter if you use a > custom security valve. > >>> Servlet filter such as PoralLoginFilter is > enabled/used only for some > >>> environment like WAS instead of Jetspeed JAAS > LoginModule. > >>> > >>> > >>> Woonsan > >>> > >>> > > >>> > > >>> > Thanks > >>> > > >>> > >>> > >>> > >>> > >>> > --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >>> > >> > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
