You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Sa...@rbs.com.INVALID on 2016/05/18 02:56:25 UTC

How to acess HttpServletRequest in Jaas login module in Tomcat

Hello experts

How to acess HttpServletRequest in Jaas login module in Tomcat? In Jboss we can get it through


HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest")

But it's not working in Tomcat since Jacc is not supported by Tomcat yet. Is there anyother way in tomcat to get HttpServletRequest in Jaas login module ?



SAURABH SUMAN
Software Developer
Markets & International Banking
RBS
Block No 1, Tower A, Unitech Infospace Complex Sector 21, Gurgaon, Haryana, 122002, India
Office: +91 124 6195699  |  Mobile: +91 9999375289


*********************************************************************************** 
The Royal Bank of Scotland plc. Registered in Scotland No 90312. 
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. 
Authorised by the Prudential Regulation Authority and regulated 
by the Financial Conduct Authority and Prudential Regulation Authority. 
The Royal Bank of Scotland N.V. is authorised and regulated by the 
De Nederlandsche Bank and has its seat at Amsterdam, the 
Netherlands, and is registered in the Commercial Register under 
number 33002587. Registered Office: Gustav Mahlerlaan 350, 
Amsterdam, The Netherlands. The Royal Bank of Scotland N.V. and 
The Royal Bank of Scotland plc are authorised to act as agent for each 
other in certain jurisdictions. 
  
This e-mail message is confidential and for use by the addressee only. 
If the message is received by anyone other than the addressee, please 
return the message to the sender by replying to it and then delete the 
message from your computer. Internet e-mails are not necessarily 
secure. The Royal Bank of Scotland plc and The Royal Bank of Scotland 
N.V. including its affiliates ("RBS group") does not accept responsibility 
for changes made to this message after it was sent. For the protection
of RBS group and its clients and customers, and in compliance with
regulatory requirements, the contents of both incoming and outgoing
e-mail communications, which could include proprietary information and
Non-Public Personal Information, may be read by authorised persons
within RBS group other than the intended recipient(s). 

Whilst all reasonable care has been taken to avoid the transmission of 
viruses, it is the responsibility of the recipient to ensure that the onward 
transmission, opening or use of this message and any attachments will 
not adversely affect its systems or data. No responsibility is accepted 
by the RBS group in this regard and the recipient should carry out such 
virus and other checks as it considers appropriate. 

Visit our website at www.rbs.com 
***********************************************************************************

Re: How to acess HttpServletRequest in Jaas login module in Tomcat

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Saurabh,

On 5/25/16 10:33 PM, Saurabh.Suman@rbs.com.INVALID wrote:
> I am already extending JAASCallbackHandler and getting Name and 
> password through that. How can we get HTTLServletRequest through 
> JAASCallbackHandler?

I'm interested in a similar feature, too.

It would be great if an arbitrary authenticator component could get
access to the HttpServletRequest -- mostly to get the remote user's IP
address.

One of the reasons we can't use Tomcat's container-provided
authentication and authorization is because we can't properly-log
source information when authentication fails.

Theoretically speaking, we wouldn't really need access to the
HttpServletRequest from within the Realm, but that would require a new
component like an AuthenticationListener that would get notifications
about success/failure of an authentication attempt, and could include
information such as the HttpServletRequest object itself, or perhaps
some selected pieces of useful connection information (e.g. client
certificate, source IP address, ports, etc.).

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldHFB8ACgkQ9CaO5/Lv0PAn8wCdE1h/gZXNA3DrkYuFuG8DQrQF
o7gAn2FI/kEp/Pn80vD7qa6DcdjAOLtE
=P34z
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: How to acess HttpServletRequest in Jaas login module in Tomcat

Posted by Sa...@rbs.com.INVALID.
Hi Mark, 
Thanks for your reply. I am already extending JAASCallbackHandler and getting Name and password through that. How can we get HTTLServletRequest through JAASCallbackHandler?

SAURABH SUMAN
Software Developer 
Markets & International Banking
RBS
Block No 1, Tower A, Unitech Infospace Complex Sector 21, Gurgaon, Haryana, 122002, India
Office: +91 124 6195699   |  Mobile: +91 9999375289 
-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Wednesday, May 18, 2016 1:14 PM
To: Tomcat Users List
Subject: Re: How to acess HttpServletRequest in Jaas login module in Tomcat

*********************************************
" This message originates from outside our organisation. Consider carefully whether you should click on any links, open any attachments or reply. If in doubt, forward to ~ Phishing"
*********************************************

On 18/05/2016 03:56, Saurabh.Suman@rbs.com.INVALID wrote:
> Hello experts
> 
> How to acess HttpServletRequest in Jaas login module in Tomcat? In 
> Jboss we can get it through
> 
> 
> HttpServletRequest request = 
> (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpS
> ervletRequest")
> 
> But it's not working in Tomcat since Jacc is not supported by Tomcat yet. Is there anyother way in tomcat to get HttpServletRequest in Jaas login module ?

Unless you write some custom Tomcat code, no. You'd need to extend the JAASRealm and the JAASCallbackHandler at a minimum.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



*********************************************************************************** 
The Royal Bank of Scotland plc. Registered in Scotland No 90312. 
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. 
Authorised by the Prudential Regulation Authority and regulated 
by the Financial Conduct Authority and Prudential Regulation Authority. 
The Royal Bank of Scotland N.V. is authorised and regulated by the 
De Nederlandsche Bank and has its seat at Amsterdam, the 
Netherlands, and is registered in the Commercial Register under 
number 33002587. Registered Office: Gustav Mahlerlaan 350, 
Amsterdam, The Netherlands. The Royal Bank of Scotland N.V. and 
The Royal Bank of Scotland plc are authorised to act as agent for each 
other in certain jurisdictions. 
  
This e-mail message is confidential and for use by the addressee only. 
If the message is received by anyone other than the addressee, please 
return the message to the sender by replying to it and then delete the 
message from your computer. Internet e-mails are not necessarily 
secure. The Royal Bank of Scotland plc and The Royal Bank of Scotland 
N.V. including its affiliates ("RBS group") does not accept responsibility 
for changes made to this message after it was sent. For the protection
of RBS group and its clients and customers, and in compliance with
regulatory requirements, the contents of both incoming and outgoing
e-mail communications, which could include proprietary information and
Non-Public Personal Information, may be read by authorised persons
within RBS group other than the intended recipient(s). 

Whilst all reasonable care has been taken to avoid the transmission of 
viruses, it is the responsibility of the recipient to ensure that the onward 
transmission, opening or use of this message and any attachments will 
not adversely affect its systems or data. No responsibility is accepted 
by the RBS group in this regard and the recipient should carry out such 
virus and other checks as it considers appropriate. 

Visit our website at www.rbs.com 
***********************************************************************************  


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to acess HttpServletRequest in Jaas login module in Tomcat

Posted by Mark Thomas <ma...@apache.org>.
On 18/05/2016 03:56, Saurabh.Suman@rbs.com.INVALID wrote:
> Hello experts
> 
> How to acess HttpServletRequest in Jaas login module in Tomcat? In Jboss we can get it through
> 
> 
> HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest")
> 
> But it's not working in Tomcat since Jacc is not supported by Tomcat yet. Is there anyother way in tomcat to get HttpServletRequest in Jaas login module ?

Unless you write some custom Tomcat code, no. You'd need to extend the
JAASRealm and the JAASCallbackHandler at a minimum.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org