Hi,

I've been working on a REST service filter for security and have a quick
question regarding principal propagation.

OK, the filter basically does this:

    String test = <token from request>

    // Custom JAAS login module (I know it can be done without as well)
    LoginContext loginContext = new LoginContext("CustomTokenAuth",
            new TokenCallbackHandler(test));
    loginContext.login();
    // Authenticated subject produced by the login module
    Subject subject = loginContext.getSubject();

    // Wrapper that overrides the user principal and roles on the request
    AuthServletRequestWrapper authRequest =
            new AuthServletRequestWrapper(request);
    Principal p = getUserprincipal(subject);
    Set<String> userRoles = getUserRoles(subject);
    authRequest.setUserPrincipal(p);
    authRequest.setUserRoles(userRoles);

    // Pass the wrapped request down the chain
    chain.doFilter(authRequest, response);

OK, so in my REST resource I can do:

    @Path("restservice")
    @Singleton
    public class TestResource {
        ......
        @GET
        public String test(@Context SecurityContext context) {
            // Role check answered from the wrapped request
            if (context.isUserInRole("Manager")) {
                return "is Manager";
            }
            return "not manager";
        }
    }

And it works OK.

However, is it possible to propagate this into SessionContext?
Meaning, be able to use @RolesAllowed on method level?
(Or is there maybe an Apache CXF filter module for this?)

br hw
--
View this message in context:
http://openejb.979440.n4.nabble.com/Setting-principal-in-a-filter-tp4668223.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
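
The post uses an AuthServletRequestWrapper without showing it. The following is an added sketch of such a wrapper, not the poster's code and not part of OpenEJB or CXF; the method names setUserPrincipal and setUserRoles are taken from the post, while the HttpServletRequest constructor argument and the "CUSTOM_TOKEN" auth type are assumptions. It changes only what code reading this request object sees.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical implementation of the wrapper named in the post.
public class AuthServletRequestWrapper extends HttpServletRequestWrapper {

    private Principal userPrincipal;
    private Set<String> userRoles = Collections.emptySet();

    public AuthServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    public void setUserPrincipal(Principal principal) {
        this.userPrincipal = principal;
    }

    public void setUserRoles(Set<String> roles) {
        // Defensive copy so later changes to the caller's set cannot add roles.
        this.userRoles = (roles == null)
                ? Collections.<String>emptySet()
                : Collections.unmodifiableSet(new HashSet<String>(roles));
    }

    // Fail closed: never fall back to the wrapped request's identity.
    @Override
    public Principal getUserPrincipal() {
        return userPrincipal;
    }

    @Override
    public String getRemoteUser() {
        return userPrincipal == null ? null : userPrincipal.getName();
    }

    @Override
    public boolean isUserInRole(String role) {
        // No principal means no roles, even if a role set was supplied.
        return userPrincipal != null && userRoles.contains(role);
    }

    @Override
    public String getAuthType() {
        return userPrincipal == null ? null : "CUSTOM_TOKEN"; // assumed label
    }
}
```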