You're welcome, and good luck :)
Gili
On 30/10/2013 7:39 PM, Eric Stein wrote:
> I knew it was slated to be released in 2.4, but I didn't realize 2.4 was out. I will update my dependencies. Thanks!
>
> Eric
>
> -----Original Message-----
> From: cowwoc [mailto:cowwoc_at_bbs.darktech.org]
> Sent: Wednesday, October 30, 2013 4:04 PM
> To: users_at_jersey.java.net
> Subject: [Jersey] Re: Accessing request attributes in a ContainerRequestFilter
>
> On 30/10/2013 3:24 PM, Eric Stein wrote:
>> I've got a Jersey API that's protected by Shibboleth, an SSO implementation. Shibboleth puts the id of the logged-in user in a request attribute. On the back end, I'm using Shiro for authorization. Shiro would like to know the logged-in user so it can load up permissions.
>>
>> What is the correct way to get that userId out of the request attribute and into Shiro? Right now, what I'm trying is:
>>
>> @Provider
>> public final class ShiroLoginFilter implements ContainerRequestFilter
>> {
>>
>> @Context
>> private HttpServletRequest request;
>>
>> @Override
>> public void filter(final ContainerRequestContext requestContext)
>> throws IOException {
>>
>> final String userId = (String) this.request.getAttribute("nameid");
>> final Subject subject = SecurityUtils.getSubject();
>> subject.login(new LocusAuthenticationToken(userId));
>>
>> }
>> }
>>
>> Unfortunately, due to JERSEY-1960[1], I can't inject the request context into a filter. Every user needs to "login" in order to load permissions. I'd rather not have to repeat the login code in every method of the API. I am also not permitted to use a web.xml filter (by my boss). Do I have any good option here?
>>
>> Thanks,
>> Eric
>>
>> [1] https://java.net/jira/browse/JERSEY-1960
>>
>> (Question also posted to StackOverflow:
>> http://stackoverflow.com/questions/19691753/read-request-attribute-in-
>> a-jersey-containerrequestfilter)
>>
>>
> Eric,
>
> Do you realize that JERSEY-1960 is marked as fixed in Jersey 2.4 (which was recently released)?
>
> Gili
>