uCosminexus Application Server, Security Management Guide
Objects assigned to HttpSession must implement the java.io.Serializable interface. Instead of the LoginContext instance created at login, store the Subject, which implements java.io.Serializable, in HttpSession. The stored Subject is needed to implement logout. The following example stores the Subject in HttpSession (the session.setAttribute line).
<%
    LoginContext lc = new LoginContext("Portal",
        new WebPasswordHandler(request, response, null, "login.html", true));
    try {
        lc.login();
        // Store the Serializable Subject, not the LoginContext; it is needed at logout.
        session.setAttribute("ExampleSubject", lc.getSubject());
    } catch (LoginException e) { ... }
%>
...
To carry over the user attributes (UserAttributes) associated with the Subject after login when using the session failover functionality, both the Subject and the user attributes must be stored in HttpSession. The following example stores the Subject and the user attributes in HttpSession (the two session.setAttribute lines).
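<%
    LoginContext lc = new LoginContext("Portal",
        new WebPasswordHandler(request, response, null, "login.html", true));
    try {
        lc.login();
        // Store the Serializable Subject for logout.
        session.setAttribute("ExampleSubject", lc.getSubject());
        // Store the first public credential of the Subject (the user attributes)
        // as its own session attribute so that it is available after failover.
        session.setAttribute("ExampleCredential", lc.getSubject().getPublicCredentials().iterator().next());
    } catch (LoginException e) { ... }
%>
...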
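The standard javax.security.auth.Subject serializes its Principals but not its credential sets, which is consistent with the instruction above to store the user attributes as a separate session attribute. The following stand-alone check is an added example, not code from this guide; the class name SubjectFailoverCheck, the X500Principal, and the HashMap standing in for UserAttributes are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectFailoverCheck {

    // Serialize and deserialize an object, as session replication would do
    // when a session is handed over to another server.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a stand-in for the Subject produced by login.
        Subject subject = new Subject();
        subject.getPrincipals().add(new X500Principal("CN=example-user"));

        // Constructed stand-in for the user attributes held as a public credential.
        HashMap<String, String> attrs = new HashMap<>();
        attrs.put("mail", "user@example.com");
        subject.getPublicCredentials().add(attrs);

        // The Subject alone: principals survive, the public credential set comes back empty.
        Subject restored = (Subject) roundTrip(subject);
        System.out.println("principals after round trip:     " + restored.getPrincipals());
        System.out.println("public credentials after round trip: "
                + restored.getPublicCredentials().size());

        // The credential stored on its own (as "ExampleCredential" is above) survives.
        Object restoredAttrs = roundTrip(attrs);
        System.out.println("credential stored separately:    " + restoredAttrs);
    }
}
```

Running the same round trip over every attribute placed in HttpSession is a quick way to catch a NotSerializableException before failover is exercised in production.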
All Rights Reserved. Copyright (C) 2013, Hitachi, Ltd