Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] accessing Request from Session Lifecycle Listener


The SessionHandler is the handler that resolves any existing session when a request enters a context, so it needs to be before anything that might access a session. By merely putting the SessionHandler first, you aren't guaranteeing that a session will always be created - this only happens iff it is either programmatically requested, or you hit a url with a security constraint on it that means that a FormAuthenticator - or other custom type of Authenticator - is invoked and it creates a session.  Are you sure you don't want to extend SecurityHandler?


On Fri, 14 Jun 2024 at 01:23, Jeremy Jackson via jetty-users <jetty-users@xxxxxxxxxxx> wrote:

I'm working with Jetty 12 trying to put a Kerberos and Client Certificate authentication handler *before* Jetty's default SessionHandler, and I'm coming up short on a way to propagate the authenticated identity into the HTTP Session.

specifically, I would like to access the Session from the onSessionCreated() method.  I'm open to extending one of Jetty's session components (as suggested by chatGPT) but I thought I'd inquire here first.

This is a Jetty embedded, native API project.

The examples I have found all have the SessionHandler coming first, so any subsequent handlers would have access to the Session, however I want to avoid creating a session entirely, for unauthenticated connections.



jetty-users mailing list
To unsubscribe from this list, visit

Jan Bartel <janb@xxxxxxxxxxx>
Expert assistance from the creators of Jetty and CometD

Back to the top