I implementing authorization for jsp page using HttpHandler and HttpFilter and our company internal authorization service. So the logic is: if I receive HttpRequest and there is a user in header, I send request to our service to get Access roles for that user. Than I want to add these roles to HttpSession as an attribute. I implemented this logic in HttpHandler which extends AbstractHandler from Jetty-server. So the roles has been added to session object successfully. Then Request goes to Filter. In my filter I'm trying to get these values from session, but no luck. I checked the String-Hash value of the session everywhere is the same but in handler I am able to see value as an attribute, in filter there is no attribute at all. Then I checked that hashCode() in Handler and in Filter returns different values for Session objects even if they have the same hash session value.
Could you suggest something to figure out why session identificator the same, but objects are different and there is no value of attribute in Filter.
This is how I add value to the session in handle method of Handler:
httpServletRequest.getSession(true).setAttribute(ACCESS_ROLES, StringUtils.join(getEntitlementAuthorities(user), ENTITLEMENT_ROLES_DIVIDER));
This is how I try to get data back in Filter:
Object attributesObject = httpRequest.getSession().getAttribute(ACCESS_ROLES);
Aucun commentaire:
Enregistrer un commentaire