Good Morning Darren-
You can always downcast but upcasting is always problematic
request.getUserPrincipal() returns the base class of java.security.Principal
you are trying to upcast to your own derived class which is always dangerous
since there is no
guarantee the object you are passing is of type yourOwnDerivedClass
You can either use classic request.getUserPrincipal() to return legacy
javax.security.Principal
OR
you can implement your own interface MyHttpServletRequest from
javax.servlet.http.HttpServletRequest
then implement your own MyHttpServlet from javax.servlet.http.HttpServlet
which then implements your own customised Interface MyHttpServletRequest
comprenez?
Martin --
*********************************************************************
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: "Darren Clarke" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Thursday, September 21, 2006 7:53 AM
Subject: Custom Principal casting problem
> Hi
>
> Apologies in advance if I'm going over old ground here - I have spent
> a day and a bit searching the web and have found people with the same
> problem, but I'm not finding the solution anywhere...
>
> I've created my own Tomcat Realm that performs custom
> authentication. The various authenticate() and getPrinicipal()
> methods return a custom principal. My custom principal implements a
> custom interface, which in turn implements the standard Principal, i.e.:
>
> package poc.security;
>
> public interface I_TestPrincipal extends java.security.Principal
> { ... }
>
> public class TestPrincipal implements I_TestPrincipal { ... }
>
>
> Based on this, I can login to the website and authentication works
> fully, as do the role checks (such as request.isUserInRole() called
> from a JSP).
>
> However, if I want my page to do anything with my custom principal, I
> get a ClassCastException. So, for example, the following line will
> fail:
>
> ((I_TestPrincipal) request.getUserPrincipal()).someCustomMethod()
>
>
> The best notes I've found on the subject are those in the Tomcat Wiki
> HowTo, and I think the most suitable of those suggestions is the
> solution based on Common Interfaces.
>
> So, I've partitioned my code such that:
> JSPs/Servlets are in a WAR in $TOMCAT/webapps
> Realm and Principal classes are in a JAR installed in $TOMCAT/server/
> lib
> Principal Interface is in a JAR in $TOMCAT/common/lib
>
> If I understand the wiki correctly, this should work. However,
> although my realm still works fully and authentication succeeds and
> although my JSP can find/load the interface class, the cast
> (I_TestPrincipal) request.getUserPrincipal()
> still fails.
>
>
> In case it helps, I'm running Tomcat 5.5.17 on Mac OS 10.4.7
>
> Thanks in advance
> Darren Clarke
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
