Posted to jetspeed-dev@portals.apache.org by David Sean Taylor <da...@bluesunrise.com> on 2004/11/12 07:44:31 UTC

Re: security valve

Randy Watler wrote:

> Ate/David:
> 
> I am now using the code below successfully in SecurityValveImpl.java.
> 
> Randy
>
Accidentally started this thread on the wrong list.
Moving it over to dev.

Looks good to me.
With Ate's blessing I'll commit it.

> // initialize/validate security subject
> 
> // access request user principal if defined or default
> // to profiler anonymous user
> Principal userPrincipal = request.getRequest().getUserPrincipal();
> if (userPrincipal == null)
> {
>     userPrincipal = new UserPrincipalImpl(profiler.getAnonymousUser());
> }
> 
> // check for previously established session subject and
> // invalidate if subject and current user principals do
> // not match
> HttpSession session = request.getRequest().getSession();
> Subject subject = (Subject) session.getAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT);
> if (subject != null)
> {
>     Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
>     if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(userPrincipal.getName()))
>     {
>         subject = null;
>     }
> }
> 
> // create new session subject for user principal if required
> if (subject == null)
> {
>     // attempt to get complete subject for user principal
>     // from user manager
>     subject = userMgr.getUser(userPrincipal.getName()).getSubject();
> 
>     // if subject not available, generate default subject using
>     // request or default profiler anonymous user principal
>     if (subject == null)
>     {
>         Set principals = new HashSet();
>         principals.add(userPrincipal);
>         subject = new Subject(true, principals, new HashSet(), new HashSet());
>     }
> 
>     // establish session subject
>     session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT, subject);
> }
> 
> // set request context subject
> request.setSubject(subject);
> 
> 


-- 
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
[office] +01 707 773 4646
[mobile] +01 707 529 9194
