How to access session between multiple contexts?

[Gregor Schneider <rc...@googlemail.com>]

Hi there,

somehow I'm stuck here:

We do have a pre-packaged Tomcat 6 which contains our new CMS, running
on Gentoo Linux.

The ROOT-app contains the aboved mentioned CMS.

Now I do have to integrate some legacy servlets residing each in it's
own Context, and for aurthorization-issues I have to access some
sesson-attributes.

I have enabled the SingleSignOnValve (although authorization is
handled via some Spring-stuff) but I thought it is needed to share the
session among different contexts.

I wrote a very simple test-servlet, which should dump the session-attributes:

	protected void doGet(HttpServletRequest aRequest, HttpServletResponse
aResponse) throws ServletException, IOException {
		PrintWriter out = aResponse.getWriter();
		out.println ("Auth-Type:" + aRequest.getAuthType());
		out.println ("Remote User:" + aRequest.getRemoteUser());
		Principal prince = aRequest.getUserPrincipal();
		if (prince == null) {
			out.println ("Principal is null");
		} else {
			out.println ("Principal:" + prince.getName());
		}
		
		HttpSession session = aRequest.getSession();
		if (session != null) {
			Enumeration<String> e = session.getAttributeNames();
			while (e.hasMoreElements()) {
				String attName = e.nextElement();
					out.println ("Attribute " + attName + ", value:" +
						session.getAttribute(attName));
			}
			JahiaUser user =
(JahiaUser)aRequest.getSession().getAttribute("org.jahia.usermanager.jahiauser");
			JahiaSite site =
(JahiaSite)aRequest.getSession().getAttribute("org.jahia.services.sites.jahiasite");
			if (site != null && user != null) {
				int siteID = site.getID();
				out.println (user.isMemberOfGroup(siteID, "users") ?
"authorized":"not authorized");
			}
		} else {
			out.println ("session is null!");
		}
		
		out.close();
	}

I do understand that there's not Primcipal since it's not
container-based security, but I was expecting that all attributes
which can be retrieved from within the ROOT-context would show up in
different Contexts also.

However, they don't.

Sure, chances are I have some musconfiguration here, but could
somebody simply tell me what I have to do to share session-attributes
between different Contexts?
Is my modus operandi correct or isn't it possible in general?

TIA

Gregor
-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to access session between multiple contexts?

[Gregor Schneider <rc...@googlemail.com>]

Hi Chris,

first, thanks for your answer, I really do apprecciate it!

On Thu, Apr 28, 2011 at 5:00 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> Gregor could cheat and write a session-data-fetch servlet in the "main"
> webapp and call it from the ancillary webapp. Just use URL-based session
> ids when you call and it should work.
>

Well, as I wrote before, the CMS (Jahia) runs in the ROOT-context. I'd
like, if possible, Jahia being untouched, so that I can deploy any
hotfixes without having to worry about my tweaks.

> Gregor, what are your options for simply adding your code to the CMS
> webapp and not bothering with the added complexity of a second webapp?

Well, we do have a support-contract with Jahia Group, and we've opened
tickets for that issue, but to no avail.

They told us some options using session-attributes, but therefore I
have to - you guess it - the session...

I don't even know what security-mechanism they are using: Seems some
mixture of Spring / CAS, both components where I don't know my ways
through.

What I've been expecting was to get a cooking-receipe where they have
a helloworld-servlet in it's own context, which is integrated into
their security-mechanism, but they just don't provide it - for
whatever reason I just can't see.

Well, we decided for Jahia and signed the contracts already, so there
are not too many options.

Jahia itself is using portlets heavily, which can be deployed into
Jahia as war-files.
So my last shot is to migrate our legacy-servlets into portlets, but
that's a whole bunch of work, which is blowing up our estimates.

I'm just wondering if no other Jahia client has the requirement to
connect to any legacy servlets: Maybe they all dumped their old stuff
and developed from scratch..

Thanks anyway!

Gregor
-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to access session between multiple contexts?

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chuck,

On 4/27/2011 8:58 AM, Caldarale, Charles R wrote:
>> From: Gregor Schneider [mailto:rc46fi@googlemail.com] 
>> Subject: How to access session between multiple contexts?
> 
>> I have enabled the SingleSignOnValve (although authorization
>> is handled via some Spring-stuff) but I thought it is needed
>> to share the session among different contexts.
> 
> No, the SSO valve does not cause sessions to be shared across contexts - that would be a spec violation.  All it does is replicate authentication/authorization information across the associated contexts of a given <Host>.
> 
> I would think you could use a listener in each context that could propagate session changes across webapps via some data structures maintained by a shared class.  Don't know if such exists already, or if you'd have to create it.

Gregor could cheat and write a session-data-fetch servlet in the "main"
webapp and call it from the ancillary webapp. Just use URL-based session
ids when you call and it should work.

Gregor, what are your options for simply adding your code to the CMS
webapp and not bothering with the added complexity of a second webapp?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk25gSAACgkQ9CaO5/Lv0PA5eQCgpms5Uohaj9gAvN6UH+z4XRfL
6UgAoICuqOqbfOrZ9MJFCNC1A4otla5i
=9A/9
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: How to access session between multiple contexts?

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: Gregor Schneider [mailto:rc46fi@googlemail.com] 
> Subject: How to access session between multiple contexts?

> I have enabled the SingleSignOnValve (although authorization
> is handled via some Spring-stuff) but I thought it is needed
> to share the session among different contexts.

No, the SSO valve does not cause sessions to be shared across contexts - that would be a spec violation.  All it does is replicate authentication/authorization information across the associated contexts of a given <Host>.

I would think you could use a listener in each context that could propagate session changes across webapps via some data structures maintained by a shared class.  Don't know if such exists already, or if you'd have to create it.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.