[
https://issues.apache.org/jira/browse/GERONIMO-4765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735424#action_12735424
]
Jürgen Weber commented on GERONIMO-4765:
----------------------------------------
As an application developer you are supposed to stick to standards, and for
Java security the standard is JAAS. It has limitations for JEE, hence the
extensions by BEA and IBM.
I suggest including a doAs() method to use a similar pattern as WAS and WLS
(which both use an API similar to javax.security.auth.Subject.doAs()) to make
it easier to write portable software, not to provide the "best" security API.
Unfortunately there seems to be no way to have a working doAs() without a
proprietary extension, but it should be kept as small as possible.
Going away from JAAS might be another option, but not an option most
conservative IT managers would like. But if you do, you might as well have a
look at Apache Shiro.
> API for Assumed Identity (run-as) support
> -----------------------------------------
>
> Key: GERONIMO-4765
> URL: https://issues.apache.org/jira/browse/GERONIMO-4765
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.2
> Reporter: Jürgen Weber
> Fix For: 2.2
>
>
> To programmatically change the currently active subject, at the moment you
> have to use the following Geronimo-proprietary code:
>     ContextManager.registerSubject(subject);
>     Callers oldCallers = ContextManager.pushNextCaller(subject);
>     try
>     {
>         // secure code
>     }
>     finally
>     {
>         ContextManager.popCallers(oldCallers);
>     }
> (see
> http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-ts24645453s134.html)
> There should be a simpler (less Geronimo-dependent code) API analogous to
> javax.security.auth.Subject.doAs()
> (http://java.sun.com/javase/6/docs/api/javax/security/auth/Subject.html#doAs%28javax.security.auth.Subject,%20java.security.PrivilegedExceptionAction%29)
> This API itself cannot be used, see
> http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rsec_jaasauthor.html
> http://www.nabble.com/security-propagation-from-JAAS-context-to-EJB-question-ts24091806s134.html
> An API for Assumed Identity (run-as) support could be implemented like
>     public <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
>             throws PrivilegedActionException
>     {
>         T t = null;
>         ContextManager.registerSubject(subject);
>         Callers oldCallers = ContextManager.pushNextCaller(subject);
>         try
>         {
>             t = action.run();
>         }
>         catch (Exception e)
>         {
>             throw new PrivilegedActionException(e);
>         }
>         finally
>         {
>             ContextManager.popCallers(oldCallers);
>         }
>         return t;
>     }
> This code could be put into a method of ContextManager or into a new class
> org.apache.geronimo.security.Security.
> This would still create a non-portable dependency to Geronimo in user code.
> You would use it like
>     LoginContext lc = new LoginContext("geronimo-admin", handler);
>     lc.login();
>     Subject subject = lc.getSubject();
>     String s = doAs(subject, new PrivilegedExceptionAction<String>()
>     {
>         public String run() throws Exception
>         {
>             return null; // secure code
>         }
>     });
> This would be analogous to similar APIs in Weblogic Server or Websphere AS.
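The push, run and restore pattern proposed in the issue, as an added Java example that is not Geronimo code and not part of the original message. The `RunAs` class and its thread-local stack are hypothetical stand-ins for the container's caller stack (the role `ContextManager` plays in the issue); unlike the sketch in the issue, it wraps only checked exceptions, which is how `Subject.doAs()` behaves.

```java
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Objects;
import javax.security.auth.Subject;

/** Hypothetical facade: application code depends on this class only. */
public final class RunAs {
    // Assumption: stand-in for the container's per-thread caller stack.
    private static final ThreadLocal<Deque<Subject>> CALLERS =
            ThreadLocal.withInitial(ArrayDeque::new);

    /** The subject currently assumed on this thread, or null if none. */
    public static Subject current() { return CALLERS.get().peek(); }

    public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
            throws PrivilegedActionException {
        Objects.requireNonNull(subject, "subject");
        Objects.requireNonNull(action, "action");
        Deque<Subject> stack = CALLERS.get();
        stack.push(subject);                 // assume the identity
        try {
            return action.run();
        } catch (RuntimeException e) {
            throw e;                         // unchecked: propagate unwrapped
        } catch (Exception e) {
            throw new PrivilegedActionException(e);  // checked: wrap
        } finally {
            stack.pop();                     // always restore the previous caller
        }
    }

    public static void main(String[] args) throws Exception {
        Subject admin = new Subject();       // constructed sample subjects
        Subject batch = new Subject();
        doAs(admin, () -> {
            try {
                doAs(batch, () -> { throw new IOException("constructed failure"); });
            } catch (PrivilegedActionException e) {
                // The failed inner call must not leave 'batch' as the caller.
                System.out.println("restored to admin: " + (current() == admin));
            }
            return null;
        });
        System.out.println("no identity left behind: " + (current() == null));
    }
}
```

The `finally` block is the security-relevant part: without it, an exception in the action would leave the assumed identity attached to a pooled thread, and the next request served by that thread would run with it.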