Upto Jaffa v1.1 we had a 'AuthenticationManager' in the package
org.jaffa.presentation.portlet.security. Its job was
to make sure that the authenticated user for a request was in-sync with the current UserSession object attached to the request.
New in Jaffa v1.2 is the
UserSessionFilter. It has the same job of guarenteeing that the UserSession object
associated with the current request thread is valid, and contains the correct contextual information about a user.
The difference with the new filter version is firstly it requires Servlet Spec 2.3 (the other worked with 2.2), and secondly,
the prevoius version only did the UserSession check when an action was invoked via 'PortletServelt'. What this meant
its that if the entry to the site is via JSP, they can't assume the UserSession has been set up, until the first *.do URL has been
processed. This is not good if for example you expect after log on the UserSession to be initialized, so that you can display things
like 'User Name' from a custom UserData object held in the UserSession.
What does this Filter do for me?
In a nut shell, if you want to initialize the UserSession to contain context about this user, you would create a 'javabean' to store
these properties, that would be then stored in UserSession via
setUserData(Object data). The default version of the
UserSessionFilter (found in package
org.jaffa.presentation.portlet.session) just makes sure the UserSession user stays
in-sync with the UserPrinicipal associated to the session. If at anypoint the filter needs to re-build the UserSession information it
called the method
public void initUserInfo(UserSession us). By default this method does nothing.
Customizing The Log-On Process
It is expected that developers will want to extent the class
with there own filter, and overwrite the method
public void initUserInfo(UserSession us).
If you are converting a earlier implementation where you already have a custom class that has been extending
org.jaffa.presentation.portlet.security.WebContainerAuthenticationManager, they this will probably already have
a method for
public void initUserInfo(UserSession us). This code can now be re-used by inserting it in this
new custom filter. The only real difference its that the method in the new filter can throw a
to report any initialization errors.