snaps session sharing [message #668279] |
Wed, 04 May 2011 19:40 |
Eric Hough Messages: 14 Registered: July 2010 |
Junior Member |
|
|
Following up on my use of Spring Security w/ Snaps post, I ran into another issue.
I'd like all my hosts and snaps to share the same security context, so when the user logs in via my /authenticate snap, another arbitrary snap can obtain the security context and thus identify the user.
The problem is that SnapHttpSession qualifies all its attribute names with ##/snapname. So in my case, the /authenticate snap stores the context into ##/authenticate.SPRING_SECURITY_CONTEXT. In turn, no other host/snap can read the security context.
I was able to fix this by simply getting rid of the qualifying mechanism, in essence allowing all snaps to share the exact same session attributes.
--- a/org.eclipse.virgo.snaps.core/src/main/java/org/eclipse/virgo/snaps/core/internal/webapp/container/SnapHttpSession.java
+++ b/org.eclipse.virgo.snaps.core/src/main/java/org/eclipse/virgo/snaps/core/internal/webapp/container/SnapHttpSession.java
@@ -54,7 +54,7 @@ public final class SnapHttpSession extends HttpSessionWrapper {
}
private String qualifyName(String baseName) {
- return QUALIFIED_NAME_MARKER + this.snapServletContext.getSnapContextPath() + "." + baseName;
+ return baseName;
}
We're only using the session for security, so this shouldn't bring up any other side effects for us. I saw a bit of discussion on the dev list regarding snaps sharing session state. Maybe this would be a good time to tackle the issue? I'm up for helping!
|
|
|
|
Powered by
FUDForum. Page generated in 0.03564 seconds