hi folks! I asked a more generic version of this i...
# ktor
a
hi folks! I asked a more generic version of this in #server, but thought I’d ask here as well, seeing as this is as far as I can tell a bug/issue in ktor - as long as I’m not just missing some detail here 🙂 ktor-servlet defines the extension function
ApplicationRequest.javaSecurityPrincipal
, in
io/ktor/server/servlet/JAASBridge.kt
which checks if the request
is ServletApplicationRequest
. As far as I can tell, this never works, since the request is always a
RoutingApplicationRequest
that delegates to the original request in
io/ktor/server/routing/RoutingApplicationCall.kt
- i.e. the
is
check doesn’t find the
ServletApplicationRequest
instance, just the
RoutingApplicationRequest
, as
is
does not check for delegates (?). Is this a bug? Or is there some other way to access the principal on the servlet request from Ktor?
a
Seems like this is a bug. Could you please file an issue?
a
thanks, will do!
👍 1
@Aleksei Tirman [JB] wohoo, it’s fixed now 😄 I see that the target release is 2.2. Do you happen to know when ish it will be out? And/or if it’s possible to include this in a 2.1.X patch release? And/or if there’s any way I can be of assistance? The reason I’m asking is that I’m writing a book about Kotlin, for Apress, and this particular bug fix would be very useful to have available in an official release some time before my november 1 deadline!
the book includes a chapter on how to use Spring Security with Ktor, as the ultimate “gap bridger” so that people that require Spring Security for various enterprise and Conway’s law related reasons can still use Ktor 😄