Thanx Woonsan, I worked as you suggested. A object set into session in Filter Class is accessible to rest of portlets. However i am not able to get and set the stuff into the session-scoped spring bean defined in my application. Its seems to be problem with my spring related logic. This bean is later wired into business delegate classes. Without this i have to pass session object to every method of delegate where needed.
It throws errors when i try to set a value in session-scoped spring bean. "java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request." I am going t post a question at Spring Forum about this. Thanks once again. On Thu, Mar 10, 2011 at 8:53 PM, Woonsan Ko <[email protected]> wrote: > You may consider using a JSR 286 Portlet Filter, which can intercept > portlet request, so you can access portal session through the portlet > request. It seems possible to set an application-scope session attribute > there for your spring application through the portlet request. > > Woonsan > > --- On Thu, 3/10/11, anyz <[email protected]> wrote: > > > From: anyz <[email protected]> > > Subject: Re: Storing Custom Object in Session on User Login > > To: "Jetspeed Users List" <[email protected]> > > Date: Thursday, March 10, 2011, 12:22 PM > > It could be some thing like a session > > listner in portlet application. We can > > capture event in this listener, when session is created > > (i.e. first request > > to any of portlet in portlet application). However at this > > point we do not > > have access to Portal session. > > > > On Thu, Mar 10, 2011 at 4:02 PM, anyz <[email protected]> > > wrote: > > > > > Woonsan, > > > > > > I have successfully get the session object in Portlet > > applicaton that was > > > set by Portal application in custom security valve. > > There is one more step > > > left in process. Actually portlet application has a > > session-scoped spring > > > bean. The values from session object (set by portal > > app) should be extracted > > > and set into spring bean.This spring bean is then > > accessible to other > > > classes through dependency injection performed by > > Spring. > > > > > > What could be point where i can set the values in > > portlet application > > > session-scoped spring bean. For example writing > > listner kind of thing. Is > > > jet speed providing some thing...a entry point to > > Portlet application? > > > > > > Thanks > > > > > > > > > On Fri, Mar 4, 2011 at 11:14 AM, anyz <[email protected]> > > wrote: > > > > > >> Thats right. Woonsan thank you very much for your > > time and effort. It > > >> helped me a lot to come out of this hard > > situation. > > >> > > >> Thanks > > >> > > >> > > >> On Thu, Mar 3, 2011 at 11:46 PM, Woonsan Ko <[email protected]> > > wrote: > > >> > > >>> As you already know, Jetspeed uses shared > > interfaces/classes if anything > > >>> should be shared among applications. For this > > reason, jetspeed-api and > > >>> jetspeed-commons jar files are deployed into > > the shared class path (e.g. > > >>> $CATALINA_HOME/lib) > > >>> > > >>> Woonsan > > >>> > > >>> > > >>> --- On Thu, 3/3/11, anyz <[email protected]> > > wrote: > > >>> > > >>> > From: anyz <[email protected]> > > >>> > Subject: Re: Storing Custom Object in > > Session on User Login > > >>> > To: "Jetspeed Users List" <[email protected]> > > >>> > Date: Thursday, March 3, 2011, 11:35 AM > > >>> > Since the authenticated Subject > > that > > >>> > was set in session by Portal > > >>> > Application (jetspeed.war) is availabel > > in all portlet > > >>> > applications. How did > > >>> > it work and can't i make my custom calass > > behave > > >>> > similarly. > > >>> > > > >>> > Thanks > > >>> > > > >>> > On Thu, Mar 3, 2011 at 3:21 PM, anyz > > <[email protected]> > > >>> > wrote: > > >>> > > > >>> > > Now portlet development contain lots > > of > > >>> > challenges...As i stated actually i > > >>> > > want to set a custom class (say > > MySessionClass) into > > >>> > session. With security > > >>> > > valve i have to have that class in > > jar file that > > >>> > contains custom security > > >>> > > valve and placed in portal > > application jetspeed. > > >>> > > > > >>> > > While getting this attribute from my > > portlet > > >>> > application i have that > > >>> > > MySessionClass in portlet > > application classpath. Now > > >>> > casting the session > > >>> > > attribute to this causes > > ClassCastException becuase > > >>> > two classes are loaded > > >>> > > by JVM from differnt locations. > > >>> > > > > >>> > > One possible way could be to place > > the MySessionClass > > >>> > in soem common lib or > > >>> > > application server (Tomcat) where > > both portal and > > >>> > portlet application can > > >>> > > access it. But i wonder how people > > achieve this > > >>> > behaviour...ins'nt there > > >>> > > some more simple way. > > >>> > > > > >>> > > On Thu, Mar 3, 2011 > > at 12:12 PM, anyz > > >>> > <[email protected]> > > >>> > wrote: > > >>> > > > > >>> > >> Thank you woonsan, it worked > > like a charm. > > >>> > >> > > >>> > >> > > >>> > >> On Thu, Mar 3, 2011 at 4:36 AM, > > Woonsan Ko <[email protected]> > > >>> > wrote: > > >>> > >> > > >>> > >>> In your custom valve, you > > may have set an > > >>> > attribute in an http session of > > >>> > >>> the portal application. > > >>> > >>> Now, you're trying to get > > the attribute in an > > >>> > http session of a portlet > > >>> > >>> application. Http sessions > > are not shared > > >>> > between web applications. > > >>> > >>> So, you can try this from > > your portlet code > > >>> > with Jetspeed API to get > > >>> > >>> accesses to the portal > > session attributes: > > >>> > >>> > > >>> > >>> import > > >>> > > > org.apache.jetspeed.request.RequestContext; > > >>> > >>> > > >>> > >>> RequestContext rc = > > (RequestContext) > > >>> > >>> > > >>> > > > portletRequest.getAttribute(RequestContext.REQUEST_PORTALENV); > > >>> > >>> Object attr = > > >>> > > > rc.getSessionAttribute("some-attribute-name"); > > >>> > >>> > > >>> > >>> > > >>> > >>> Woonsan > > >>> > >>> > > >>> > >>> --- On Wed, 3/2/11, anyz > > <[email protected]> > > >>> > wrote: > > >>> > >>> > > >>> > >>> > From: anyz <[email protected]> > > >>> > >>> > Subject: Re: Storing > > Custom Object in > > >>> > Session on User Login > > >>> > >>> > To: "Jetspeed Users > > List" <[email protected]> > > >>> > >>> > Date: Wednesday, March > > 2, 2011, 2:59 PM > > >>> > >>> > I used to get > > session in valve as > > >>> > >>> > > > requestContext.getRequest().getSession() > > >>> > >>> > and then set attribute > > in session. > > >>> > However i am not able to > > >>> > >>> > get this > > >>> > >>> > attribute in portlet > > JSP page from > > >>> > HttpSession or > > >>> > >>> > PortletSession. This > > seems > > >>> > >>> > to be same problem as > > given in another > > >>> > thread at > > >>> > >>> > > > >>> http://permalink.gmane.org/gmane.comp.jakarta.jetspeed.user/23626 > > >>> > >>> > > > >>> > >>> > Probably if i could set > > the attribute in > > >>> > portletsession and > > >>> > >>> > with > > >>> > >>> > APPLICATION_SCOPE that > > may be available. > > >>> > But its not > > >>> > >>> > possibel to get > > portlet > > >>> > >>> > session in valve. > > >>> > >>> > > > >>> > >>> > > > >>> > >>> > > > >>> > >>> > > > >>> > >>> > > > >>> > >>> > On Wed, Mar 2, 2011 at > > 5:54 PM, anyz > > >>> > <[email protected]> > > >>> > >>> > wrote: > > >>> > >>> > > > >>> > >>> > > In custom security > > valve if i set an > > >>> > attribute in > > >>> > >>> > session. Later i 'm > > not > > >>> > >>> > > able to get this > > attribute in > > >>> > portlet JSP page. It is > > >>> > >>> > always > > >>> > >>> > > NULL. Application > > is deployed on > > >>> > Tomcat and already > > >>> > >>> > have set > > >>> > >>> > > > > crossContext="true". Does the > > >>> > session get overridden > > >>> > >>> > somewhere? > > >>> > >>> > > > > >>> > >>> > > Thanks > > >>> > >>> > > > > >>> > >>> > > > > On Wed, Mar 2, 2011 > > >>> > at 3:59 PM, anyz > > >>> > >>> > <[email protected]> > > >>> > >>> > wrote: > > >>> > >>> > > > > >>> > >>> > >> I think i got > > it...added the > > >>> > custom valve in > > >>> > >>> > default jetspeed > > pipeline > > >>> > >>> > >> that is in the > > following bean: > > >>> > >>> > >> > > >>> > >>> > >> <bean > > >>> > id="jetspeed-pipeline"......../> > > >>> > >>> > >> > > >>> > >>> > >> It is added > > after <ref > > >>> > >>> > > > bean="loginValidationValve" /> in > > >>> > constructor > > >>> > >>> > >> argument list. > > Now subject and > > >>> > everything is > > >>> > >>> > available.] > > >>> > >>> > >> > > >>> > >>> > >> Is this > > correct way to do > > >>> > things? > > >>> > >>> > >> > > >>> > >>> > >> > > >>> > >>> > >> > > >>> > >>> > >> > > >>> > >>> > >> On Wed, Mar 2, > > 2011 at 3:37 PM, > > >>> > anyz <[email protected]> > > >>> > >>> > wrote: > > >>> > >>> > >> > > >>> > >>> > >>> I added > > custom valve in > > >>> > "login-pipeline" bean > > >>> > >>> > defined in > > pipelines.xml > > >>> > >>> > >>> that is > > probably not right > > >>> > place to do. > > >>> > >>> > >>> > > >>> > >>> > >>> > > >>> > >>> > >>> > > >>> > >>> > >>> On Wed, > > Mar 2, 2011 at 3:10 > > >>> > PM, anyz <[email protected]> > > >>> > >>> > wrote: > > >>> > >>> > >>> > > >>> > >>> > >>>> I > > implemented my custom > > >>> > valve by extending > > >>> > >>> > AbstractSecurityValve. > > The > > >>> > >>> > >>>> > > documentation says this > > >>> > valve > > >>> > >>> > "Authenticates the user > > or redirects to > > >>> > Login > > >>> > >>> > >>>> if > > necessary, adds the > > >>> > authenticated > > >>> > >>> > Subject to the > > RequestContext." > > >>> > >>> > >>>> > > However in the invoke() > > >>> > method as i try to > > >>> > >>> > get subject from > > request > > >>> > >>> > >>>> > > context its always > > >>> > NULL. > > >>> > >>> > >>>> > > >>> > >>> > >>>> My > > understanding is this > > >>> > valve invokes > > >>> > >>> > login module to > > authenticate user > > >>> > >>> > >>>> and > > once authentication > > >>> > done it sets teh > > >>> > >>> > subject in request > > context. I have > > >>> > >>> > >>>> called > > the > > >>> > super.invoke(rc,vc) in my > > >>> > >>> > custom valve but > > subject is always > > >>> > >>> > >>>> NULL. > > >>> > >>> > >>>> > > >>> > >>> > >>>> Could > > you please guide > > >>> > what am i missing? > > >>> > >>> > >>>> > > >>> > >>> > >>>> > > Thanks > > >>> > >>> > >>>> > > >>> > >>> > >>>> > > >>> > >>> > >>>> > > >>> > >>> > >>>> On > > Wed, Mar 2, 2011 at > > >>> > 4:17 AM, Woonsan Ko > > >>> > >>> > <[email protected]> > > >>> > >>> > wrote: > > >>> > >>> > >>>> > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > --- On Tue, 3/1/11, > > >>> > anyz <[email protected]> > > >>> > >>> > wrote: > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > > From: anyz > > >>> > <[email protected]> > > >>> > >>> > >>>>> > > > Subject: > > >>> > Storing Custom Object in > > >>> > >>> > Session on User Login > > >>> > >>> > >>>>> > > > To: "Jetspeed > > >>> > Users List" <[email protected]> > > >>> > >>> > >>>>> > > > Date: Tuesday, > > >>> > March 1, 2011, > > >>> > >>> > 6:49 AM > > >>> > >>> > >>>>> > > > I need to set a > > >>> > custom class > > >>> > >>> > object > > >>> > >>> > >>>>> > > > into session > > >>> > once user logged > > >>> > >>> > into > > >>> > >>> > >>>>> > > > Jetspeed. This > > >>> > object will be > > >>> > >>> > accessed and used later > > by > > >>> > >>> > >>>>> > > > portlets. > > >>> > After > > >>> > >>> > >>>>> > > > searching into > > >>> > email list and > > >>> > >>> > forum i found two ways > > of > > >>> > >>> > >>>>> > > > intercepting > > >>> > J2 > > >>> > >>> > >>>>> > > > login process: > > >>> > >>> > >>>>> > > > > > >>> > >>> > >>>>> > > > 1- Custom Login > > >>> > Module > > >>> > >>> > >>>>> > > > 2- Custom > > >>> > Security Valve and > > >>> > >>> > possibly Filter (not > > sure if > > >>> > >>> > >>>>> > > > Filter works > > >>> > in > > >>> > >>> > >>>>> > > > Jetspeed 2.2.1 > > >>> > or its for old > > >>> > >>> > version) > > >>> > >>> > >>>>> > > > > > >>> > >>> > >>>>> > > > I manged to > > >>> > plug my custom login > > >>> > >>> > module however i could > > not > > >>> > >>> > >>>>> > > > find a way to > > >>> > >>> > >>>>> > > > get session in > > >>> > login() method and > > >>> > >>> > set my custom class > > >>> > >>> > >>>>> > > > object into > > >>> > session. > > >>> > >>> > >>>>> > > > Is it possible > > >>> > to get HttpSession > > >>> > >>> > in custom login > > module? > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> It > > is not possible > > >>> > to access > > >>> > >>> > HttpSession in a JAAS > > LoginModule. > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > > > > >>> > >>> > >>>>> > > > If i have write > > >>> > security valve, > > >>> > >>> > do i also need some > > sort of > > >>> > >>> > >>>>> > > > Serverlt > > >>> > filter > > >>> > >>> > >>>>> > > > where i can set > > >>> > custom object > > >>> > >>> > into session. > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > You don't need a > > >>> > servlet filter if you > > >>> > >>> > use a custom security > > valve. > > >>> > >>> > >>>>> > > Servlet filter such > > >>> > as > > >>> > >>> > PoralLoginFilter is > > enabled/used only for > > >>> > some > > >>> > >>> > >>>>> > > environment like WAS > > >>> > instead of > > >>> > >>> > Jetspeed JAAS > > LoginModule. > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > Woonsan > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > > > > >>> > >>> > >>>>> > > > > > >>> > >>> > >>>>> > > > Thanks > > >>> > >>> > >>>>> > > > > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > >>> > >>> > > > >>> > > > --------------------------------------------------------------------- > > >>> > >>> > >>>>> To > > unsubscribe, > > >>> > e-mail: > > >>> > >>> [email protected] > > >>> > >>> > >>>>> > > For additional > > >>> > commands, e-mail: > > >>> > >>> [email protected] > > >>> > >>> > >>>>> > > >>> > >>> > >>>>> > > >>> > >>> > >>>> > > >>> > >>> > >>> > > >>> > >>> > >> > > >>> > >>> > > > > >>> > >>> > > > >>> > >>> > > >>> > >>> > > >>> > >>> > > >>> > >>> > > >>> > >>> > > >>> > > > --------------------------------------------------------------------- > > >>> > >>> To unsubscribe, e-mail: > > >>> [email protected] > > >>> > >>> For additional commands, > > e-mail: > > >>> [email protected] > > >>> > >>> > > >>> > >>> > > >>> > >> > > >>> > > > > >>> > > > >>> > > >>> > > >>> > > >>> > > >>> > > --------------------------------------------------------------------- > > >>> To unsubscribe, e-mail: [email protected] > > >>> For additional commands, e-mail: > [email protected] > > >>> > > >>> > > >> > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
