I am trying to create a custom scope in Tomcat. My problem is that there is a SessionAttributeListener as part of a framework that checks to see if any object added to the session is serializable and if it does not cause problems ... for example, session invalidation.
Since org.apache.catalina.realm.GenericPrincipal is not serializable, I tried to write my own class that implements Principal and Serializable. It seems perfect if you try to use
request.isUserInRole("user")
I get false for this and any other role the user should have. If I change the GenericPrincipal to CustomPrincipal in the Valve class, it will return true. So my question is:
- What causes a false return?
- How to use custom class instead of GenericPrincipal?
- Can I do it?
Edit:
To be clear, I actually already implemented this. The code in CustomPrincipal is exactly the same as GenericPrincipal, except that it also implements Serializable. request.isUserInRole ("user") returns false when in my valve I have:
request.setUserPrincipal(new CustomPrincipal(args...));
but not when I do
request.setUserPrincipal(new GenericPrincipal(args...));
Any call to request.getUserPrincipal () returns CustomPrincipal when I use this class.
source
share