Hi,

using a JAAS LoginModule would be the solution, I think.

2014-03-16 10:28 UTC+01:00, hwaastad <[email protected]>:
> Hi,
> I've been working on a REST service filter for security and have a quick
> question regarding principal propagation.
>
> OK,
> the filter basically does this:
> String test = <token from request>
> // Custom JAAS login module (I know it can be done without as well)
> LoginContext loginContext = new LoginContext("CustomTokenAuth",
>         new TokenCallbackHandler(test));
> loginContext.login();
>
> // Wrapper for overriding setUserPrincipal
> AuthServletRequestWrapper authRequest = new AuthServletRequestWrapper(request);
> Principal p = getUserprincipal(subject);
> Set<String> userRoles = getUserRoles(subject);
> authRequest.setUserPrincipal(p);
> authRequest.setUserRoles(userRoles);
> chain.doFilter(authRequest, response);
>
> OK, so I can in my REST resource do:
>
> @Path("restservice")
> @Singleton
> public class TestResource {
>     ......
>
>     @GET
>     public String test(@Context SecurityContext context) {
>         if (context.isUserInRole("Manager")) {
>             return "is Manager";
>         }
>         return "not manager";
>     }
> }
>
> And it works OK.
>
> However, is it possible to propagate this into SessionContext?
> Meaning, be able to use @RolesAllowed on method level?
> (Or is there maybe an Apache CXF filter module for this?)
>
> br hw
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Setting-principal-in-a-filter-tp4668223.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
--
Romain Manni-Bucau
Twitter: @rmannibucau <https://twitter.com/rmannibucau>
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau
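
A token-based JAAS LoginModule of the kind discussed in this thread, as an added example that is not code from either poster or from the project. It shows the two-phase contract: `login()` validates the token and fails closed, and principals reach the Subject only in `commit()`. Assumptions: the token is delivered through a standard `PasswordCallback`, the token table is constructed sample data, and the class and principal names are hypothetical (Java 17).

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class TokenLoginModule implements LoginModule {
    // Constructed sample data: token -> user name followed by role names.
    private static final Map<String, String[]> TOKENS = Map.of("sample-token", new String[] {"alice", "Manager"});
    // Hypothetical principal types; a container realm would be told which class denotes a role.
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> pending = new HashSet<>();

    @Override
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s;
        handler = h;
    }
    @Override
    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        PasswordCallback cb = new PasswordCallback("token", false); // assumption: token carried as a password
        try {
            handler.handle(new Callback[] {cb});
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain token: " + e);
        }
        char[] raw = cb.getPassword();
        cb.clearPassword();
        String[] entry = raw == null ? null : TOKENS.get(new String(raw));
        if (entry == null) throw new FailedLoginException("unknown or missing token"); // fail closed
        pending.add(new UserPrincipal(entry[0]));
        for (int i = 1; i < entry.length; i++) pending.add(new RolePrincipal(entry[i]));
        return true;
    }
    // Principals are attached only after every module in the login stack has succeeded.
    @Override public boolean commit() { subject.getPrincipals().addAll(pending); return !pending.isEmpty(); }
    @Override public boolean abort() { pending.clear(); return true; }
    @Override public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }

    public static void main(String[] args) throws Exception {
        var entry = new AppConfigurationEntry(TokenLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of());
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) { return new AppConfigurationEntry[] {entry}; } };
        CallbackHandler h = cbs -> ((PasswordCallback) cbs[0]).setPassword("sample-token".toCharArray());
        LoginContext lc = new LoginContext("CustomTokenAuth", new Subject(), h, cfg);
        lc.login();
        System.out.println(lc.getSubject().getPrincipals()); // user and role principals for the sample token
    }
}
```

A `LoginContext` created by hand, as in `main` here or in the filter quoted above, only fills its own Subject; the container's security context is not changed by it.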
