Hi All,
I created a Realm implementation which authenticates username/password with
credential stored in database. After authentication, I get a Principal
object and I need to push this object to a ThreadLocal object so that any
object run in Servlet can get the principal to do further authorization and
identity assertion. My current solution is
1) After authentication, store the principal in session.
2) Create a Valve , which put the principal to ThreadLocal before Servlet
invocation and remove it after Servlet invocation
invoke(Request request, Response response){
get Principal from request;
put it to ThreadLocal;
getNext().invoke(request, reponse)
remove it from ThreadLocal;
}
Do the Valve and the Servlet called by the Valve (in the end of valve
pipeline) run in the same Thread? Is there any better solution?
Thanks in advance!
- zihui
