Re: [jBoss-User] Problems with Principal class propagation

[Scott M Stark]

> > In the new framework(that I am still testing), you will have access to the
> > Subject in a portable way if you are using the JAAS subject based proxy
> > mechanism since you can do:
> 
> > AccessControlContext acc = AccessController.getContext();
> > Subject subject = Subject.getSubject(acc);
> 
> > as method invocations are run within a Subject.doAsPrivileged() block.
> This sounds rather attractive.
> Just one question: you say "in a portable way", what do you mean?
> Is this way supported by some other EJB servers?
> Is it mentioned in some J2EE related specification?

It would be portable in the sense that IF and app server supported full JAAS
security then the above code works. A number of app servers are mentioning
support for JAAS, but I have not seen any details. None of the EJB or J2EE
specs I have read really are talking about subject based authorization yet so
the use of "portable" is speculative.




--
--------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
List Help?:          [EMAIL PROTECTED]