Sometimes the SessionId or the entire HttpSession is needed in the JAAS Login Module or somewhere else.
After searching the Internet I found two
useful Classes at JBoss:
HttpServletRequestLoginModule and
HttpServletRequestCallback
I simply tried to get the getHttpServletRequest() method
working:
protected HttpServletRequest getHttpServletRequest() throws PolicyContextException { return (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest"); }
with this method you can obtain the session:
getHttpServletRequest().getSession()
The only thing to do, is to add
javax.servlet.jar and jboss-j2ee.jar to the classpath and add the getHttpServletRequest()
to your own Login Module. Thats all, somethimes the world is easy…
Hello, I need to access to the http request in my login module, and I’ve tried your solution w¡th the getHttpServletRequest method. However, I’m getting a java.lang.IllegalArgumentException with the following message when calling PolicyContext.getContext:
“No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest”
By the way, I’m using JBoss 4.0.5 with Tomcat 5.5 and Sun Java 6.
Do you have any clues about what may I be doing wrong?
Thanks a lot.
Hello Carmen,
unfortunately I didn’t have a clue what specially went wrong.
It seems to be a misconfiguration of the jboss.
Try to look/google at your jboss configuration, it seems to be that
HttpServletRequest is not registered in the PolicyContext.
You can list the registered handlers with:
javax.security.jacc.PolicyContext.getHandlerKeys()
Please send me your solution if you found it.
good luck,
Daniel
…i just had another Idea:
check the croosContext option in the tomcat:
In jboss-web.deployer/context.xml
add the crossContext=”true” like this:
<Context cookies=”true” crossContext=”true” privileged=”true”>