Flemming, if you are not using JAAS, and don't want to interact with it, you can fake it by wrapping the HttpServletRequest in a servlet filter. This is the method used by SecurityFilter (http://securityfilter.sourceforge.net/) and is very easy to implement.
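Here are some code snippets:

A filter, applied to /* in web.xml

    // Needs javax.servlet.* and javax.servlet.http.HttpServletRequest / HttpSession.
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // Look up the existing session only; do not create one for anonymous requests.
        HttpSession session = httpRequest.getSession(false);
        UserSession userSession = (session == null) ? null
                : (UserSession) session.getAttribute(Constants.USER_SESSION);
        // Wrap the request so isUserInRole() is answered from our own UserSession.
        request = new JaasRequestWrapper(httpRequest, userSession);
        chain.doFilter(request, response);
    }

and then JaasRequestWrapper.java:

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    public class JaasRequestWrapper extends HttpServletRequestWrapper {
        private final UserSession userSession;

        public JaasRequestWrapper(HttpServletRequest request, UserSession userSession) {
            super(request);
            this.userSession = userSession;
        }

        @Override
        public boolean isUserInRole(String role) {
            // No logged-in user means no roles: deny instead of throwing.
            return userSession != null && userSession.hasRole(role);
        }
    }

Where UserSession is something that you store in the session at user login containing a list of roles to check against.

On 5/2/07, Flemming Seerup <[EMAIL PROTECTED]> wrote: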
Am I missing something? I have a working version of an AuthInterceptor, but still no examples on how to control isUserInRole(). On manning.com I found a lightbody_src.zip from WW in action, but it doesn't handle roles. Could anybody tell me the location of Mark Mernards blog?

/Flemming
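A minimal UserSession of the kind the reply above describes, as an added example that is not part of the original message or of SecurityFilter. Only the class name and hasRole() come from the thread; the constructor, fields, getUsername() and the sample user and roles are assumptions.

```java
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical UserSession: created once at login and stored in the HttpSession.
final class UserSession implements Serializable {
    private static final long serialVersionUID = 1L;

    private final String username;
    private final Set<String> roles;

    UserSession(String username, Collection<String> roles) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username is required");
        }
        this.username = username;
        // Defensive copy: later changes to the caller's collection must not
        // add roles to a session that is already authenticated.
        Set<String> copy = (roles == null) ? new HashSet<String>() : new HashSet<String>(roles);
        this.roles = Collections.unmodifiableSet(copy);
    }

    String getUsername() {
        return username;
    }

    // Exact, case-sensitive match; a null or unknown role is denied.
    boolean hasRole(String role) {
        return role != null && roles.contains(role);
    }
}

public class UserSessionDemo {
    public static void main(String[] args) {
        // Constructed sample data: a user who was granted only "user" at login.
        List<String> granted = new ArrayList<String>(Arrays.asList("user"));
        UserSession session = new UserSession("alice", granted);
        granted.add("admin"); // mutating the source list after login changes nothing

        System.out.println("user:  " + session.hasRole("user"));
        System.out.println("admin: " + session.hasRole("admin"));
        System.out.println("null:  " + session.hasRole(null));
    }
}
```

If the wrapper overrides only isUserInRole(), getRemoteUser() and getUserPrincipal() still return the container's values (null without container login), so code that checks those will disagree with the role check unless they are overridden from the same UserSession.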