GateIn: a filter for the login servlet

Question

I need to implement some logic before and after the login servlet invoked by my login.jsp.

So I wrote a filter for the url /login to do that. I need to get the user profile for some operations, so I created this LoginFilter class:

public class LoginFilter implements Filter {
    private static Logger logger = Logger.getLogger(LoginFilter.class);

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String username = httpRequest.getParameter("username");
        String password = httpRequest.getParameter("password");

        chain.doFilter(request, response);

        PortalRequestContext context = PortalRequestContext.getCurrentInstance();

        if (context == null)
            logger.info("PortalRequestContext is NULL");
        else {
            String userId = context.getRemoteUser();

            if (userId == null || userId.equals(""))
                logger.info("Login failed, IP:" + httpRequest.getRemoteAddr());
            else
                logger.info("Login executed, username:" + userId);
        }
    }

The problem is that "context" (PortalRequestContext) is always null. What ma I doing wrong? Is this the right approach?

Answer 1

If you are using GateIn, you can try using

org.exoplatform.portal.webui.util.Util.getPortalRequestContext().getRequest()

ce

Answer 2

You can develop a Valve and add it into Context file of "portal" webapp (Tomcat/conf/Catalina/localhost/portal.xml). That's what is done in GateIN for SSO extension for example: See ServletAccessValve

ServletAccess.setRequestAndResponse(request, response);

Then, the Request is accessed in SSOLoginModule using this:

// Tomcat way (Assumed that ServletAccessValve has been configured in context.xml)
  else
  {
     request = ServletAccess.getRequest();
  }

For JBoss, it's more simple, you have just to use

javax.security.jacc.PolicyContext.getContext(HttpServletRequest.class.getName())

Answer 3

在登录时， PortalRequestContext尚未创建，但您可以通过调用HttpServletRequest#getRemoteUser()来获取远程用户

Answer 4

You can add a GateIN Filter like detailed here .

And you can use statically in this Filter the ConversationState to get the current username:

ConversationState.getCurrent().getIdentity().getUserId();

Answer 5

Just use the conversation state object:

// Gets the current user id
ConversationState conversationState = ConversationState.getCurrent();

org.exoplatform.services.security.Identity identity = conversationState.getIdentity();
String userId = identity.getUserId();