[Jetty-support] Problem with classloaders

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

I'm stumped. I'm using Axis inside Jetty and want to use the transport's
authentication for user authentication inside a web service. A
authentication is done before I know the target method, I set up Realm
authentication to create a Principal for whatever userName/password
comes along. Then inside the web service call I get the Principal from
the message context and use the information to the actual authentication
with my backend.

My problem is that the "Principal" object is created in a different
class loader context (Alauncher$AppClassLoader) from the one the Axis
serlet runs in (org.mortbay.http.ContextLoader). This seems to prevent
me to cast the Principal object to another interface as it is
interpreted in two different class locader contexts.

ClassLoader A:

Class A implements Foo {}

A obj = new A();
boolean willBeTrue = (obj instanceof Foo);

Inside the servlet in org.mortbay.http.ContextLoader:

A obj = getObj(); // this obj and above is identical
boolean willBeFalse = (obj instanceof Foo);

-----

See the file excerpts below.

Any suggestions on how can transfer state from jetty's internal
operation to the servlet context?

Thanks,

-max

====================================

jetty.xml:

  <Call name="addRealm">
    <Arg>
      <New class="net.semandex.re.semcast.ws.JettyUserRealm">
        <Arg>ws</Arg>
      </New>
    </Arg>
  </Call>

----------------
web.xml:

	<security-constraint>
      <web-resource-collection>
        <web-resource-name>Any User</web-resource-name>
        <url-pattern>/</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>

 	<login-config>  
 		<auth-method>BASIC</auth-method>  
 		<realm-name>ws</realm-name>  
 	</login-config>

	<security-role> 
		<role-name>ws</role-name> 
	</security-role>

--------------
JettyUserRealm.java:

import org.mortbay.http.UserRealm;
import org.mortbay.http.UserPrincipal;
import org.semcast.IAuthenticator;

public class 
JettyUserRealm 
    implements UserRealm 
{
    .....

    public UserPrincipal 
    authenticate(
        String username,
        Object credentials,
        HttpRequest request
    ) {
        _Principal up = new _Principal(username, credentials);
        return up;
    }
    ....
    private class
    _Principal
        implements UserPrincipal, IAuthenticator
    {
	...
    }
}
----------------
Inside WS module (Axis):

        MessageContext ctxt =
org.apache.axis.MessageContext.getCurrentContext();
        ServletEndpointContext endPoint =
(ServletEndpointContext)ctxt.getProperty(Constants.MC_SERVLET_ENDPOINT_C
ONTEXT);
        Principal principal = endPoint.getUserPrincipal();
	  //Debug: principal is of type JettyUserRealm%_Principal

        IAuthenticator auth = null;
        Class c = principal.getClass();
        ClassLoader cl = c.getClassLoader();  //Debug: type -
Launcher$AppClassLoader

        Class c2 = IAuthenticator.class;
        ClassLoader cl2 = c2.getClassLoader();  //Debug: type -
org.mortbay.http.ContextLoader

        if (principal instanceof IAuthenticator) {
		//Debug: Does NOT come in here
            auth = (IAuthenticator)principal;
        } else {
            // use guest account

----------------