Since the authenticated Subject that was set in session by Portal Application (jetspeed.war) is availabel in all portlet applications. How did it work and can't i make my custom calass behave similarly.
Thanks On Thu, Mar 3, 2011 at 3:21 PM, anyz <[email protected]> wrote: > Now portlet development contain lots of challenges...As i stated actually i > want to set a custom class (say MySessionClass) into session. With security > valve i have to have that class in jar file that contains custom security > valve and placed in portal application jetspeed. > > While getting this attribute from my portlet application i have that > MySessionClass in portlet application classpath. Now casting the session > attribute to this causes ClassCastException becuase two classes are loaded > by JVM from differnt locations. > > One possible way could be to place the MySessionClass in soem common lib or > application server (Tomcat) where both portal and portlet application can > access it. But i wonder how people achieve this behaviour...ins'nt there > some more simple way. > > On Thu, Mar 3, 2011 at 12:12 PM, anyz <[email protected]> wrote: > >> Thank you woonsan, it worked like a charm. >> >> >> On Thu, Mar 3, 2011 at 4:36 AM, Woonsan Ko <[email protected]> wrote: >> >>> In your custom valve, you may have set an attribute in an http session of >>> the portal application. >>> Now, you're trying to get the attribute in an http session of a portlet >>> application. Http sessions are not shared between web applications. >>> So, you can try this from your portlet code with Jetspeed API to get >>> accesses to the portal session attributes: >>> >>> import org.apache.jetspeed.request.RequestContext; >>> >>> RequestContext rc = (RequestContext) >>> portletRequest.getAttribute(RequestContext.REQUEST_PORTALENV); >>> Object attr = rc.getSessionAttribute("some-attribute-name"); >>> >>> >>> Woonsan >>> >>> --- On Wed, 3/2/11, anyz <[email protected]> wrote: >>> >>> > From: anyz <[email protected]> >>> > Subject: Re: Storing Custom Object in Session on User Login >>> > To: "Jetspeed Users List" <[email protected]> >>> > Date: Wednesday, March 2, 2011, 2:59 PM >>> > I used to get session in valve as >>> > requestContext.getRequest().getSession() >>> > and then set attribute in session. However i am not able to >>> > get this >>> > attribute in portlet JSP page from HttpSession or >>> > PortletSession. This seems >>> > to be same problem as given in another thread at >>> > http://permalink.gmane.org/gmane.comp.jakarta.jetspeed.user/23626 >>> > >>> > Probably if i could set the attribute in portletsession and >>> > with >>> > APPLICATION_SCOPE that may be available. But its not >>> > possibel to get portlet >>> > session in valve. >>> > >>> > >>> > >>> > >>> > >>> > On Wed, Mar 2, 2011 at 5:54 PM, anyz <[email protected]> >>> > wrote: >>> > >>> > > In custom security valve if i set an attribute in >>> > session. Later i 'm not >>> > > able to get this attribute in portlet JSP page. It is >>> > always >>> > > NULL. Application is deployed on Tomcat and already >>> > have set >>> > > crossContext="true". Does the session get overridden >>> > somewhere? >>> > > >>> > > Thanks >>> > > >>> > > On Wed, Mar 2, 2011 at 3:59 PM, anyz >>> > <[email protected]> >>> > wrote: >>> > > >>> > >> I think i got it...added the custom valve in >>> > default jetspeed pipeline >>> > >> that is in the following bean: >>> > >> >>> > >> <bean id="jetspeed-pipeline"......../> >>> > >> >>> > >> It is added after <ref >>> > bean="loginValidationValve" /> in constructor >>> > >> argument list. Now subject and everything is >>> > available.] >>> > >> >>> > >> Is this correct way to do things? >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> On Wed, Mar 2, 2011 at 3:37 PM, anyz <[email protected]> >>> > wrote: >>> > >> >>> > >>> I added custom valve in "login-pipeline" bean >>> > defined in pipelines.xml >>> > >>> that is probably not right place to do. >>> > >>> >>> > >>> >>> > >>> >>> > >>> On Wed, Mar 2, 2011 at 3:10 PM, anyz <[email protected]> >>> > wrote: >>> > >>> >>> > >>>> I implemented my custom valve by extending >>> > AbstractSecurityValve. The >>> > >>>> documentation says this valve >>> > "Authenticates the user or redirects to Login >>> > >>>> if necessary, adds the authenticated >>> > Subject to the RequestContext." >>> > >>>> However in the invoke() method as i try to >>> > get subject from request >>> > >>>> context its always NULL. >>> > >>>> >>> > >>>> My understanding is this valve invokes >>> > login module to authenticate user >>> > >>>> and once authentication done it sets teh >>> > subject in request context. I have >>> > >>>> called the super.invoke(rc,vc) in my >>> > custom valve but subject is always >>> > >>>> NULL. >>> > >>>> >>> > >>>> Could you please guide what am i missing? >>> > >>>> >>> > >>>> Thanks >>> > >>>> >>> > >>>> >>> > >>>> >>> > >>>> On Wed, Mar 2, 2011 at 4:17 AM, Woonsan Ko >>> > <[email protected]> >>> > wrote: >>> > >>>> >>> > >>>>> >>> > >>>>> --- On Tue, 3/1/11, anyz <[email protected]> >>> > wrote: >>> > >>>>> >>> > >>>>> > From: anyz <[email protected]> >>> > >>>>> > Subject: Storing Custom Object in >>> > Session on User Login >>> > >>>>> > To: "Jetspeed Users List" <[email protected]> >>> > >>>>> > Date: Tuesday, March 1, 2011, >>> > 6:49 AM >>> > >>>>> > I need to set a custom class >>> > object >>> > >>>>> > into session once user logged >>> > into >>> > >>>>> > Jetspeed. This object will be >>> > accessed and used later by >>> > >>>>> > portlets. After >>> > >>>>> > searching into email list and >>> > forum i found two ways of >>> > >>>>> > intercepting J2 >>> > >>>>> > login process: >>> > >>>>> > >>> > >>>>> > 1- Custom Login Module >>> > >>>>> > 2- Custom Security Valve and >>> > possibly Filter (not sure if >>> > >>>>> > Filter works in >>> > >>>>> > Jetspeed 2.2.1 or its for old >>> > version) >>> > >>>>> > >>> > >>>>> > I manged to plug my custom login >>> > module however i could not >>> > >>>>> > find a way to >>> > >>>>> > get session in login() method and >>> > set my custom class >>> > >>>>> > object into session. >>> > >>>>> > Is it possible to get HttpSession >>> > in custom login module? >>> > >>>>> >>> > >>>>> It is not possible to access >>> > HttpSession in a JAAS LoginModule. >>> > >>>>> >>> > >>>>> > >>> > >>>>> > If i have write security valve, >>> > do i also need some sort of >>> > >>>>> > Serverlt filter >>> > >>>>> > where i can set custom object >>> > into session. >>> > >>>>> >>> > >>>>> You don't need a servlet filter if you >>> > use a custom security valve. >>> > >>>>> Servlet filter such as >>> > PoralLoginFilter is enabled/used only for some >>> > >>>>> environment like WAS instead of >>> > Jetspeed JAAS LoginModule. >>> > >>>>> >>> > >>>>> >>> > >>>>> Woonsan >>> > >>>>> >>> > >>>>> > >>> > >>>>> > >>> > >>>>> > Thanks >>> > >>>>> > >>> > >>>>> >>> > >>>>> >>> > >>>>> >>> > >>>>> >>> > >>>>> >>> > --------------------------------------------------------------------- >>> > >>>>> To unsubscribe, e-mail: >>> [email protected] >>> > >>>>> For additional commands, e-mail: >>> [email protected] >>> > >>>>> >>> > >>>>> >>> > >>>> >>> > >>> >>> > >> >>> > > >>> > >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >> >
