Retrieving additional user session details in a JAAS login module

EAServer allows you to retrieve additional IIOP or HTTP user session information when using the JAAS API to install custom security implementations. A sample that demonstrates these features is installed in the html/classes/Sample/JAAS directory of your EAServer installation.

When authenticating HTTP client access, you can retrieve the servlet request details associated with the client request, returned as an instance of javax.servlet.http.HttpServletRequest. EAServer provides a JAAS callback implementation in class com.sybase.jaguar.security.HttpServletRequestCallback. To retrieve servlet sessions, add an instance of this class to the callback stack in your implementation’s login method. Call the HttpServletRequestCallback.getHttpServletRequest() method to retrieve the servlet request. The method returns null if the request is not an HTTP request.

When authenticating IIOP client access, you can retrieve details about the client session as an instance of the CtsSecurity/SessionInfo built-in component. To do so, add the EAServer callback class com.sybase.jaguar.security.SessionInfoCallback to the callback stack in your implementation’s login method. Call the SessionInfoCallback.getSessionInfo() method to retrieve the CtsSecurity.SessionInfo class instance that describes the user session. For details on the CtsSecurity.SessionInfo methods, see the documentation in the following file in your EAServer installation:

html/ir/CtsSecurity__SessionInfo.html
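
The following login module is an added example, not part of the EAServer sample or documentation. It uses the HTTP and IIOP callbacks described above to refuse HTTP logins that did not arrive over TLS and to record where each attempt came from. The class name and the verify hook are hypothetical, and the code assumes that both EAServer callback classes have public no-argument constructors and that the server's callback handler accepts them in the same handle() call as the standard name and password callbacks.

```java
import java.io.IOException;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import com.sybase.jaguar.security.HttpServletRequestCallback;
import com.sybase.jaguar.security.SessionInfoCallback;

public abstract class SessionAwareLoginModule implements LoginModule {
    private static final Logger LOG = Logger.getLogger("auth.audit");
    private CallbackHandler handler;
    private boolean ok;
    // Hypothetical hook: a subclass checks the credentials against its user store.
    protected abstract boolean verify(String user, char[] password);

    public void initialize(Subject s, CallbackHandler h, Map shared, Map options) { handler = h; }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        // Assumption: public no-argument constructors on both EAServer callbacks.
        HttpServletRequestCallback http = new HttpServletRequestCallback();
        SessionInfoCallback iiop = new SessionInfoCallback();
        try {
            handler.handle(new Callback[] { name, pass, http, iiop });
        } catch (IOException e) {
            throw new LoginException("callback I/O failure: " + e.getMessage());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("callback not supported: " + e.getCallback());
        }
        HttpServletRequest req = http.getHttpServletRequest(); // null if not HTTP
        if (req != null && !req.isSecure())
            throw new FailedLoginException("HTTP login requires TLS");
        Object session = iiop.getSessionInfo(); // CtsSecurity.SessionInfo instance
        String origin = req != null ? "HTTP from " + req.getRemoteAddr()
                      : session != null ? "IIOP session" : "unknown transport";
        char[] pw = pass.getPassword();
        ok = pw != null && verify(name.getName(), pw);
        pass.clearPassword(); // drop the handler's copy of the password
        LOG.info("login attempt via " + origin + ", success=" + ok);
        if (!ok) throw new FailedLoginException("invalid credentials");
        return true;
    }

    public boolean commit() { return ok; }
    public boolean abort()  { ok = false; return true; }
    public boolean logout() { ok = false; return true; }
}
```

Compiling this requires the EAServer classes and the servlet API on the classpath.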