From: Maximilian O. <ma...@se...> - 2003-12-29 19:54:02
|
Hi, I'm stumped. I'm using Axis inside Jetty and want to use the transport's authentication for user authentication inside a web service. A authentication is done before I know the target method, I set up Realm authentication to create a Principal for whatever userName/password comes along. Then inside the web service call I get the Principal from the message context and use the information to the actual authentication with my backend. My problem is that the "Principal" object is created in a different class loader context (Alauncher$AppClassLoader) from the one the Axis serlet runs in (org.mortbay.http.ContextLoader). This seems to prevent me to cast the Principal object to another interface as it is interpreted in two different class locader contexts. ClassLoader A: Class A implements Foo {} A obj = new A(); boolean willBeTrue = (obj instanceof Foo); Inside the servlet in org.mortbay.http.ContextLoader: A obj = getObj(); // this obj and above is identical boolean willBeFalse = (obj instanceof Foo); ----- See the file excerpts below. Any suggestions on how can transfer state from jetty's internal operation to the servlet context? Thanks, -max ==================================== jetty.xml: <Call name="addRealm"> <Arg> <New class="net.semandex.re.semcast.ws.JettyUserRealm"> <Arg>ws</Arg> </New> </Arg> </Call> ---------------- web.xml: <security-constraint> <web-resource-collection> <web-resource-name>Any User</web-resource-name> <url-pattern>/</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>ws</realm-name> </login-config> <security-role> <role-name>ws</role-name> </security-role> -------------- JettyUserRealm.java: import org.mortbay.http.UserRealm; import org.mortbay.http.UserPrincipal; import org.semcast.IAuthenticator; public class JettyUserRealm implements UserRealm { ..... public UserPrincipal authenticate( String username, Object credentials, HttpRequest request ) { _Principal up = new _Principal(username, credentials); return up; } .... private class _Principal implements UserPrincipal, IAuthenticator { ... } } ---------------- Inside WS module (Axis): MessageContext ctxt = org.apache.axis.MessageContext.getCurrentContext(); ServletEndpointContext endPoint = (ServletEndpointContext)ctxt.getProperty(Constants.MC_SERVLET_ENDPOINT_C ONTEXT); Principal principal = endPoint.getUserPrincipal(); //Debug: principal is of type JettyUserRealm%_Principal IAuthenticator auth = null; Class c = principal.getClass(); ClassLoader cl = c.getClassLoader(); //Debug: type - Launcher$AppClassLoader Class c2 = IAuthenticator.class; ClassLoader cl2 = c2.getClassLoader(); //Debug: type - org.mortbay.http.ContextLoader if (principal instanceof IAuthenticator) { //Debug: Does NOT come in here auth = (IAuthenticator)principal; } else { // use guest account ---------------- |