How do I obtain security details (JAAS)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

You can obtain the UserPrincipal and other security details by going through the request or implementing PrincipalAware. Implementing PrincipalAware is preferred.

Go Through the Request

First obtain the HttpServletRequest and then obtain the security Principal.

Code Block
java
HttpServletRequest request = ServletActionContext.getRequest();
String authType = request.getAuthType();         // http or https
String user = request.getRemoteUser();           // the user principal (in string)
Principalprincipal = request.getUserPrincipal(); // get a Principal object
bool isAuth = request.isUserInRole("patrick");

Implement PrincipalAware

(star) Preferred

  • Ensure that servlet-config Interceptor is included in the Action's stack.
    • (info) The default stack already includes servlet-config.
  • Edit the Action so that it implements the PrincipalAware interface.
    • The PrincipalAware interface expects a setPrincipalProxy(PrincipalProxy) method. You may wish to include a companion getPrincipalProxy method.
  • At runtime, use the PrincipalProxy reference to invoke methods such as isUserInRole, getUserPrincipal(), getRemoteUser(), isRequestSecure(), and so forth.

@see org.apache.struts.action2.interceptor.PrincipalProxy
@see org.apache.struts.action2.interceptor.PrincipalAware
@see org.apache.struts.action2.interceptor.ServletConfigInterceptor