Hi, On Wed, Jun 10, 2015 at 3:28 PM, markt [via Tomcat] < ml-node+s10n5035887...@n6.nabble.com> wrote:
> I don't really understand what the requirement is here. Can you expand / > point me to the part of the spec? > It's simply that from within a SAM you can forward/include to a Servlet using a dispatcher, such that the output of that Servlet is inserted in the response. It's in section 3.8.3.4 of the JASPIC spec: "3.8.3.4 Forwards and Includes by Server Authentication Modules The message processing runtime must support the acquisition and use of RequestDispatcher objects by authentication modules within their processing of validateRequest. Under the constraints defined by RequestDispatcher, authentication modules must be able to forward and include using the request and response objects passed in MessageInfo. In particular, an authentication module must be able to acquire a RequestDispatcher from the request obtained from MessageInfo, and uses it to forward the request (and response) to a login form. Authentication modules should catch and rethrow as an AuthException any exception thrown by these methods." A test/example showing this in practice is the following: https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/dispatching Specifically, this code shows both an include and a forward done by a SAM: public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { try { HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage(); if ("include".equals(request.getParameter("dispatch"))) { request.getRequestDispatcher("/includedServlet") .include(request, response); // "Do nothing", required protocol when returning SUCCESS handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) }); // When using includes, the response stays open and the main // resource can also write to the response return SUCCESS; } else { request.getRequestDispatcher("/forwardedServlet") .forward(request, response); // MUST NOT invoke the resource, so CAN NOT return SUCCESS here. return SEND_CONTINUE; } } catch (IOException | ServletException | UnsupportedCallbackException e) { throw (AuthException) new AuthException().initCause(e); } } Sounds good. Thanks for the tip. > You're welcome ;) Kind regards, Arjan Tijms > > Cheers, > > mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [hidden email] > <http:///user/SendEmail.jtp?type=node&node=5035887&i=0> > For additional commands, e-mail: [hidden email] > <http:///user/SendEmail.jtp?type=node&node=5035887&i=1> > > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://tomcat.10.x6.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-Tomcat-7-0-x-tp4993387p5035887.html > To unsubscribe from Consider support for the Servlet profile of JSR 196 > (JASPIC) in Tomcat 7.0.x, click here > <http://tomcat.10.x6.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4993387&code=YXJqYW4udGlqbXNAZ21haWwuY29tfDQ5OTMzODd8LTM3MzU5NTg0OA==> > . > NAML > <http://tomcat.10.x6.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://tomcat.10.x6.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-Tomcat-7-0-x-tp4993387p5035891.html Sent from the Tomcat - Dev mailing list archive at Nabble.com.
