Posted to user@shiro.apache.org by versatec <ro...@versatec.de> on 2013/10/04 10:18:40 UTC

Re: Adding principal information to a web request

I am not familiar with Shibboleth, but I wrote a Shiro filter to do SPNEGO
SSO authentication to Active Directory by extending AccessControlFilter and
then implementing the

    @Override protected boolean preHandle(ServletRequest request,
            ServletResponse response) throws Exception

method. Within this method I return 'false' when I directly manipulate the
HTTP response and do not want Shiro to proceed through the other filters. I
return 'true' when I want Shiro to follow through with its entire stack.

    @Override protected boolean isAccessAllowed(ServletRequest request,
            ServletResponse response, Object o) throws Exception

always returns true because my filter only does automatic authentication
through SPNEGO and leaves the path-matching etc. to the authc filter.

So in effect I have chained two filters together: my filter goes first and
tries to do an automatic authentication through SPNEGO. If SPNEGO succeeds,
the subject's principal is retrieved from the Kerberos token and bound to the
Shiro stack:

    String principal = context.getSrcName().toString().toLowerCase();
    PrincipalCollection principals =
            new SimplePrincipalCollection(principal, getRealmName());
    WebSubject.Builder builder = new WebSubject.Builder(request, response);
    builder.principals(principals).authenticated(true);
    WebSubject webSubject = builder.buildWebSubject();
    ThreadContext.bind(webSubject);


After my filter comes the authc filter, which blocks access based on whether
the subject is authenticated or not, path-matching etc.



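The filter arrangement described in the message above, written out as an added example that is not part of the original post and is not the poster's code. The class name SpnegoSsoFilter and the realm name "spnego" are hypothetical. It assumes the JVM is configured with Kerberos acceptor credentials (JAAS login with the service keytab), that the handshake completes in a single token, and that every client can answer a Negotiate challenge.

```java
import java.util.Base64;
import java.util.Locale;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.util.WebUtils;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;

// Added example with a hypothetical class name; place it ahead of authc in the filter chain.
public class SpnegoSsoFilter extends AccessControlFilter {
    private static final String REALM_NAME = "spnego"; // hypothetical realm name

    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        if (getSubject(request, response).isAuthenticated()) return true; // already signed in
        String header = WebUtils.toHttp(request).getHeader("Authorization");
        if (header == null || !header.startsWith("Negotiate ")) {
            HttpServletResponse http = WebUtils.toHttp(response);
            http.setHeader("WWW-Authenticate", "Negotiate"); // ask the client for a token
            http.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false; // response written here, so stop the chain
        }
        // Assumption: a null credential picks up the default acceptor credentials of the JVM.
        GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
        try {
            byte[] token = Base64.getDecoder().decode(header.substring("Negotiate ".length()).trim());
            context.acceptSecContext(token, 0, token.length);
            if (context.isEstablished()) { // read getSrcName() only after the handshake completed
                String principal = context.getSrcName().toString().toLowerCase(Locale.ROOT);
                WebSubject.Builder builder = new WebSubject.Builder(request, response);
                builder.principals(new SimplePrincipalCollection(principal, REALM_NAME)).authenticated(true);
                ThreadContext.bind(builder.buildWebSubject());
            }
        } catch (GSSException | IllegalArgumentException e) {
            // Rejected or malformed token: bind nothing, the subject stays anonymous and authc blocks it.
        } finally {
            context.dispose();
        }
        return true; // continue to authc whether or not a subject was bound
    }
    @Override protected boolean isAccessAllowed(ServletRequest req, ServletResponse res, Object o) { return true; }
    @Override protected boolean onAccessDenied(ServletRequest req, ServletResponse res) { return false; }
}
```

Because the subject is built with authenticated(true) and never passes through a realm, the token check is the only gate: the principal is bound only on the isEstablished() branch, and every failure path leaves the request anonymous for authc to reject.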