https://issues.apache.org/bugzilla/show_bug.cgi?id=46011

           Summary: Cannot access to Principal via
                    Subject.getSubject(AccessController.getContext())
           Product: Tomcat 6
           Version: 6.0.18
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: [EMAIL PROTECTED]


Cannot access the Principal via
Subject.getSubject(AccessController.getContext()).

The problem is that in the method internalDoFilter of ApplicationFilterChain,
in the call of the filter chain, the code determines the Principal but doesn't
use it:

                if( Globals.IS_SECURITY_ENABLED ) {
                    final ServletRequest req = request;
                    final ServletResponse res = response;
                    Principal principal = 
                        ((HttpServletRequest) req).getUserPrincipal();

                    Object[] args = new Object[]{req, res, this};
                    SecurityUtil.doAsPrivilege
                        ("doFilter", filter, classType, args);

                    args = null;
                } else {  

In this manner SecurityUtil.doAsPrivilege will be called with Principal ==
null, and the method execute creates a Subject with no Principals.
It then calls Subject.doAsPrivileged(subject, pea, null); and this does not
propagate Principals. I obtain a Subject without Principals when calling
Subject.getSubject(AccessController.getContext()).

We send our solution in the attachment.


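The behaviour described in the report can be reproduced outside Tomcat. The following is an added example, not Tomcat code and not the reporter's attached patch: it calls Subject.doAsPrivileged with a null AccessControlContext, once with an empty Subject and once with a Subject that carries a Principal, and prints what Subject.getSubject(AccessController.getContext()) sees inside the action. The names SubjectPropagationDemo, UserPrincipal and principalsSeenInside and the user "alice" are hypothetical, and it assumes a JDK where Subject.getSubject is still supported (Java 8 through 17).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;

// Added illustration, not Tomcat code. Assumes Java 8 through 17, where
// Subject.getSubject(AccessControlContext) is still supported.
public class SubjectPropagationDemo {

    // Hypothetical stand-in for the Principal returned by getUserPrincipal().
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Returns the principal names visible to code running inside the action,
    // read the same way the report does it.
    static List<String> principalsSeenInside(Subject subject) {
        PrivilegedAction<List<String>> action = () -> {
            Subject current = Subject.getSubject(AccessController.getContext());
            List<String> names = new ArrayList<>();
            if (current != null) {
                for (Principal p : current.getPrincipals()) {
                    names.add(p.getName());
                }
            }
            return names;
        };
        // Same call shape as in the report: the third argument is null.
        return Subject.doAsPrivileged(subject, action, null);
    }

    public static void main(String[] args) {
        // Case from the report: the Subject is built without the Principal.
        Subject empty = new Subject();
        System.out.println("empty Subject:     " + principalsSeenInside(empty));

        // Contrast: the Subject carries the caller's Principal before the call.
        Subject populated = new Subject();
        populated.getPrincipals().add(new UserPrincipal("alice")); // constructed sample user
        System.out.println("populated Subject: " + principalsSeenInside(populated));
    }
}
```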