[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-967) JBoss Seam - Support authentication from a realm (on Tomcat)
Shane Bryzak (JIRA)
jira-events at lists.jboss.org
Fri Oct 19 02:03:03 EDT 2007
[ http://jira.jboss.com/jira/browse/JBSEAM-967?page=comments#action_12383370 ]
Shane Bryzak commented on JBSEAM-967:
-------------------------------------
Wouldn't it be trivial to just extend Identity or RuleBasedIdentity (depending on whether you require rule-based permissioning or not) and override these few methods?
> JBoss Seam - Support authentication from a realm (on Tomcat)
> ------------------------------------------------------------
>
> Key: JBSEAM-967
> URL: http://jira.jboss.com/jira/browse/JBSEAM-967
> Project: JBoss Seam
> Issue Type: Feature Request
> Components: Security
> Reporter: Bradley Smith
> Assigned To: Shane Bryzak
>
> Please see discussion in the JBoss forum reference.
> The idea is to allow the Seam Identity (security) component to get the Principal from the HttpServletRequest and to delegate the hasRole() calls to the HttpServletRequest as well. This is because, in my case, Tomcat has already forced the user to authenticate if necessary and the authentication, authorization information is available in the container's HttpServletRequest impl.
> Principal userPrincipal = httpServletRequest.getUserPrincipal();
> boolean hasRole(String roleName) {
> return httpServletRequest.isUserInRole(roleName);
> }
> public String getUsername() {
> return httpServletRequest.getRemoteUser();
> }
> public boolean isLoggedIn() {
> return httpServletRequest.getUserPrincipal() != null;
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list