On Wed, Jul 27, 2011 at 1:26 PM, Filipe Sousa <[email protected]> wrote:
> Hi Manoj,
>
> That is not what I meant.
>
> Suppose I have the following code in a servlet and the user is already
> authenticated
>
> protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
> SecurityUtils.getSubject().isAuthenticated()
> SecurityUtils.getSubject().isAuthenticated()
> }
>
> Is it possible that in the second call isAuthenticated() might return false?
>
I don'nt think this can happen.
> I have been using the following pattern:
>
> protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
> String login = SecurityUtils.getSubject().getPrincipal()
> foo(login)
> bar(login)
> }
>
> foo(String login) {
> ...
> }
>
> bar(String login) {
> ...
> }
>
>
> but I was wondering if it is safe to use the following:
>
> protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
> foo()
> bar()
> }
>
> foo() {
> String login = SecurityUtils.getSubject().getPrincipal()
> }
>
> bar() {
> String login = SecurityUtils.getSubject().getPrincipal()
> }
>
The Subject is associated with the thread. So I do not know of a reason why
this would be unsafe.
> On Wed, Jul 27, 2011 at 7:10 PM, Manoj Khangaonkar
> <[email protected]> wrote:
>> Hi Filepe,
>>
>> By default, isAuthenticated() will return false.
>>
snip
> --
> Filipe Sousa
>
--
http://khangaonkar.blogspot.com/
