Looking for way to canHandshake validate oort session

28 views
Skip to first unread message

M3

unread,
May 21, 2012, 4:06:56 PM5/21/12
to cometd...@googlegroups.com
I didn't find too much searching on this but maybe I missed something.   Currently I have a service built on the AnnontationCometdServlet.  Here is a snippet:

@Service("myService")
public final class myService
{

   @Inject
    private BayeuxServer bayeux;
    @Session
    private ServerSession session;
    private BayeuxAuthenticator authenticator = new BayeuxAuthenticator();

    public myService() {

    ....
        ....

    }
    
    @PostConstruct 
    public void setSecurity() {
    System.out.println("Setting security policy");
    bayeux.setSecurityPolicy(authenticator);
    }

In this authenticator, I need two code branches.  One will handle authentication of non oort handshakes using the HttpServletRequest object and connecting to a legacy application for validation.

Unfortunately, this validation will fail for oort handshakes (obviously).  I have implemented BayeuxAuthenticator as follows, but am not sure how to check for an Oort handshake in the canHandshake method.

public class BayeuxAuthenticator extends DefaultSecurityPolicy implements ServerSession.RemoveListener
{
    @Override
    public boolean canHandshake(BayeuxServer server, ServerSession session, ServerMessage message)
    {
    try {
    if (oort.isOort(session)) {
    return true;
    }
    } catch (NullPointerException np) {
   
    }
}

I'm sure I'm missing something easy here...  Thanks for the help.

Simone Bordet

unread,
May 22, 2012, 3:56:29 AM5/22/12
to cometd...@googlegroups.com
Hi,
So you get a NullPointerException ?
How do you inject the "oort" field into the BayeuxAuthenticator ?

Simon
--
http://cometd.org
http://intalio.com
http://bordet.blogspot.com
----
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz

M3

unread,
May 22, 2012, 9:30:48 AM5/22/12
to cometd...@googlegroups.com
So, right now, I am injecting it into the service(attempting to) and then passing it in to BayeuxAuthenticator in the constructor.  Have tried this a few ways and the snippet I pasted yesterday didn't have these exact changes.

@Service
...
...
@Inject
    private BayeuxServer bayeux;
@Inject
private Oort oort;
    @Session
    private ServerSession session;
    private BayeuxAuthenticator authenticator;
...
...
    @PostConstruct 
    public void setSecurity() {
    SCCDChatUtility.debug("Waiting to set security policy");
    authenticator = new BayeuxAuthenticator(oort);
    bayeux.setSecurityPolicy(authenticator);
    }

--------------

public class BayeuxAuthenticator extends DefaultSecurityPolicy implements ServerSession.RemoveListener
{
    private final Oort oort;

    public BayeuxAuthenticator(Oort oort)
    {
        this.oort = oort;
    }

Simone Bordet

unread,
May 22, 2012, 10:03:18 AM5/22/12
to cometd...@googlegroups.com
Hi,

On Tue, May 22, 2012 at 3:30 PM, M3 <jchri...@gmail.com> wrote:
> So, right now, I am injecting it into the service(attempting to) and then
> passing it in to BayeuxAuthenticator in the constructor.  Have tried this a
> few ways and the snippet I pasted yesterday didn't have these exact changes.
>
> @Service
> ...
> ...
> @Inject
>     private BayeuxServer bayeux;
> @Inject
> private Oort oort;

@Inject on Oort only works if you instantiate manually the
ServerAnnotationProcessor using the constructor that takes additional
injectables, see for example:
https://github.com/cometd/cometd/blob/master/cometd-java/cometd-java-oort/src/test/java/org/cometd/oort/OortDemoServlet.java

CometD is not a full blown DI framework, so support for automatic
injection is limited (but doable manually).
Reply all
Reply to author
Forward
0 new messages