users@grizzly.java.net

Re: Grizzly 2.x and Basic auth. and Filters

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Mon, 20 Jun 2016 13:33:20 -0700

Hi Sumit,


> here are my queries, If i have an authentication filter in chain
> TransportFilter <-> HttpCodecFilter <-> MyAuthFilter <-> HttpServerFilter.
>
> Filter is executed for all incoming requests. So even if URI of request is
> invalid (i.e is not mapping to any URI on grizzly container), MyAuthFilter
> gets executed. This seems illogical to me. I would like this MyAuthFilter
> to be executed to valid request URI only.
The ctx.getMessage() in the MyAuthFilter will return you
HttpRequestPacket object, which could be used to store object you might
need later in HttpHandler.
Just use HttpRequestPacket.setAttribute(key, value), and inside the
HttpHandler you can use request.getRequest().getAttribute(key).

If low-level Filters approach doesn't work for you, maybe you can create
something like AuthAwareHttpHandler, that handle authentication and just
inherit it where you need to deploy app HttpHandlers.

Thanks.

WBR,
Alexey.

>
>
> Second in MyAuthFilter i build a subject. How can i pass/set this subject
> in AccessController
>
> Usually subject information is retrieved through
> javax.security.auth.SubjectSubject.getSubject(java.security.AccessControllerAccessController.getContext()).
>
>
>
> If its HTTP container(i.e servlet filter) i invoke rest of filter chain
> under privileged code. But in grizzly it allows me to return next Action not
> execute.
>
>
>
> --
> View this message in context: http://grizzly.1045725.n5.nabble.com/Grizzly-2-x-and-Basic-auth-and-Filters-tp4770236p5711045.html
> Sent from the Grizzly - Users mailing list archive at Nabble.com.