Hey all, I'm getting to a point where I'm going to need to add some good ole authentication and authorization to my app. I've been looking over what's in the auth library and it looks pretty good so far. It's nice and simple and will definitely handle my needs. That is, at least the authorization part will. There doesn't seem to really have been anything done on the authentication side of things. I'm more than willing to write the required servlet filters for username and password based authentication along with remember-me support. I just need a bit of help in figuring one particular bit out.
I've been trying to figure out where to put the logged-in user information. At first I was thinking of just creating a thread local and stuffing the User object in there. But then I noticed the UserPrincipal class and looked for places where it was being used. That led me to the RequiresPermission annotation. The way it finds the authenticated user is by getting the UserPrincipal of the Subject. The part I'm struggling with is how to get that Subject populated. I'm somewhat familiar with JAAS, but I'd rather not have to use it if I don't have to. Any suggestions?

Thanks,
Rich

