Take a look at this class. You may have to regenerate the principal and reset it for the catalina request and session.
https://github.com/resteasy/Resteasy/blob/master/jaxrs/security/skeleton-key-idm/skeleton-key-as7/src/main/java/org/jboss/resteasy/skeleton/key/as7/CatalinaSecurityContextHelper.java GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(context.getRealm(), skp, roles); Session session = request.getSessionInternal(true); session.setPrincipal(principal); session.setAuthType("OAUTH"); I don't remember how JBossWeb does the servlet-tiers constraint checks. This code is actually very nasty. I figured it out once then never looked at it again. On 7/25/2013 2:33 PM, Doug Toppin wrote: > I'm using the Resteasy OAuth 2 skeleton key and would like to add my own > custom roles from an external source to the principal after the > authentication and managed resource valves have finished. I am trying a > ValveBase class to be stacked along with the auth valves but because > GenericPrincipal roles are immutable I don't see a way to add to the list > once GP has been generated. Am I missing something in how to do this? I am > trying not to modify any skeleton key code and wanted it to be an add-on if > possible. Suggestions/examples are appreciated. > > Doug > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > Resteasy-users mailing list > Resteasy-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/resteasy-users > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/resteasy-users