hi folks I asked a more generic version of this in

hi folks! I asked a more generic version of this in #server, but thought I’d ask here as well, seeing as this is as far as I can tell a bug/issue in ktor - as long as I’m not just missing some detail here 🙂 ktor-servlet defines the extension function

ApplicationRequest.javaSecurityPrincipal

, in

io/ktor/server/servlet/JAASBridge.kt

which checks if the request

is ServletApplicationRequest

. As far as I can tell, this never works, since the request is always a

RoutingApplicationRequest

that delegates to the original request in

io/ktor/server/routing/RoutingApplicationCall.kt

- i.e. the

is

check doesn’t find the

ServletApplicationRequest

instance, just the

RoutingApplicationRequest

, as

is

does not check for delegates (?). Is this a bug? Or is there some other way to access the principal on the servlet request from Ktor?

Aleksei Tirman [JB]

08/22/2022, 11:30 AM

Seems like this is a bug. Could you please file an issue?

August Lilleaas

08/22/2022, 11:30 AM

thanks, will do!

@Aleksei Tirman [JB] FYI: https://youtrack.jetbrains.com/issue/KTOR-4784

@Aleksei Tirman [JB] wohoo, it’s fixed now 😄 I see that the target release is 2.2. Do you happen to know when ish it will be out? And/or if it’s possible to include this in a 2.1.X patch release? And/or if there’s any way I can be of assistance? The reason I’m asking is that I’m writing a book about Kotlin, for Apress, and this particular bug fix would be very useful to have available in an official release some time before my november 1 deadline!

https://github.com/ktorio/ktor/commit/4ac94418d1ead448a29120f1db79ef590f30024f

the book includes a chapter on how to use Spring Security with Ktor, as the ultimate “gap bridger” so that people that require Spring Security for various enterprise and Conway’s law related reasons can still use Ktor 😄

4 Views

#ktor Join Slack