API for Assumed Identity (run-as) support
-----------------------------------------

                 Key: GERONIMO-4765
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4765
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.2
            Reporter: Jürgen Weber
             Fix For: 2.2


To programmatically change the currently active subject, at the moment you have 
to use the following Geronimo-proprietary code:

ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try
{
        // secure code
}
finally
{
        ContextManager.popCallers(oldCallers);
}


(see 
http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-ts24645453s134.html)


There should be a simpler (less Geronimo-dependent code) API analogous to 
javax.security.auth.Subject.doAs()
(http://java.sun.com/javase/6/docs/api/javax/security/auth/Subject.html#doAs%28javax.security.auth.Subject,%20java.security.PrivilegedExceptionAction%29)

This API itself cannot be used, see 
http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rsec_jaasauthor.html
http://www.nabble.com/security-propagation-from-JAAS-context-to-EJB-question-ts24091806s134.html


An API for Assumed Identity (run-as) support could be implemented like

        public <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
                        throws PrivilegedActionException
        {
                T t = null;

                ContextManager.registerSubject(subject);
                Callers oldCallers = ContextManager.pushNextCaller(subject);
                try
                {
                        t = action.run();
                }
                catch (Exception e)
                {
                        throw new PrivilegedActionException(e);
                }
                finally
                {
                        ContextManager.popCallers(oldCallers);
                }

                return t;
        }

This code could be put into a method of ContextManager or into a new class 
org.apache.geronimo.security.Security.
This would still create a non-portable dependency on Geronimo in user code.

You would use it like 

LoginContext lc = new LoginContext("geronimo-admin", handler);
lc.login();
Subject subject = lc.getSubject();
String s = doAs(subject, new PrivilegedExceptionAction<String>()
{
        public String run() throws Exception
        {
                return null; // secure code
        }
});

This would be analogous to similar APIs in WebLogic Server or WebSphere AS.



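Added example, not part of the original issue and not Geronimo code: a self-contained model of the push/restore pattern behind the proposed doAs, showing that nested run-as calls and a throwing action both leave the previous caller in place afterwards. The class RunAsDemo, the ThreadLocal CALLER and the helpers caller() and subject() are hypothetical stand-ins for the container's per-thread caller state; ContextManager itself is not used.

```java
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

public class RunAsDemo {
    // Hypothetical stand-in for the container's per-thread caller state.
    // This is NOT Geronimo's ContextManager; it only models push/restore.
    private static final ThreadLocal<Subject> CALLER = new ThreadLocal<>();

    static String caller() {
        Subject s = CALLER.get();
        return s == null ? "<none>" : s.getPrincipals().iterator().next().getName();
    }

    static Subject subject(String name) {       // constructed sample subject
        Subject s = new Subject();
        Principal p = () -> name;               // getName() is Principal's only abstract method
        s.getPrincipals().add(p);
        return s;
    }

    static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
            throws PrivilegedActionException {
        Subject previous = CALLER.get();        // plays the role of oldCallers
        CALLER.set(subject);
        try {
            return action.run();
        } catch (Exception e) {
            throw new PrivilegedActionException(e);
        } finally {
            CALLER.set(previous);               // runs on normal and exceptional exit
        }
    }

    public static void main(String[] args) throws Exception {
        Subject admin = subject("admin"), batch = subject("batch");
        // Nested run-as: the inner identity is active only inside the inner action.
        String seen = doAs(admin,
                () -> caller() + ">" + doAs(batch, RunAsDemo::caller) + ">" + caller());
        System.out.println(seen + " then " + caller());
        // Failure path: the assumed identity must not outlive a throwing action.
        try {
            doAs(admin, () -> { throw new IllegalStateException("boom"); });
        } catch (PrivilegedActionException e) {
            System.out.println(e.getCause().getMessage() + " then " + caller());
        }
    }
}
```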