Re: [jetty-users] accessing Request from Session Lifecycle Listener

[Jan Bartel <janb@xxxxxxxxxxx>]

Jeremy,

The SessionHandler is the handler that resolves any existing session when a request enters a context, so it needs to be before anything that might access a session. By merely putting the SessionHandler first, you aren't guaranteeing that a session will always be created - this only happens iff it is either programmatically requested, or you hit a url with a security constraint on it that means that a FormAuthenticator - or other custom type of Authenticator - is invoked and it creates a session.  Are you sure you don't want to extend SecurityHandler?

Jan

On Fri, 14 Jun 2024 at 01:23, Jeremy Jackson via jetty-users <jetty-users@xxxxxxxxxxx> wrote:

Hi,

I'm working with Jetty 12 trying to put a Kerberos and Client Certificate authentication handler *before* Jetty's default SessionHandler, and I'm coming up short on a way to propagate the authenticated identity into the HTTP Session.

specifically, I would like to access the Session from the onSessionCreated() method.  I'm open to extending one of Jetty's session components (as suggested by chatGPT) but I thought I'd inquire here first.

This is a Jetty embedded, native API project.

The examples I have found all have the SessionHandler coming first, so any subsequent handlers would have access to the Session, however I want to avoid creating a session entirely, for unauthenticated connections.

Regards,

Jeremy

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

--

Jan Bartel <janb@xxxxxxxxxxx>

www.webtide.com
Expert assistance from the creators of Jetty and CometD