> When using the example JAAS setup and hello stateful bean (from the
> JBoss site docs), I tried the following in the hello business method of
> the bean.
>
> Subject s = Subject.getSubject(AccessController.getContext());
>
> This returns null. Shouldn't it return a Subject with my principal in
> its set of principals?
>
No. EJB method invocations are not run under Subject.doAs/doAsPrivileged
code blocks, which is the only way an AccessControlContext has a Subject
associated with it. Custom security proxy classes are run under a
Subject.doAsPrivileged code block to allow the security proxy to perform
access control checks with the authenticated Subject's permissions active.
The use of custom security proxies has not been fully documented as yet,
but there is some preliminary info in the JBossSX chapter of the new
docbook stuff: http://www.jboss.org/documentation/HTML/index.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
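
The behaviour described in the reply above, as an added example that is not part of the original thread or of JBoss: a stand-alone Java program showing that the lookup from the question returns null in a plain call and returns the Subject only inside Subject.doAs or Subject.doAsPrivileged. The class names, the principal and the "demo-user" value are constructed for illustration, and the program assumes a JDK where Subject.getSubject is still supported (JDK 8 through 17).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class SubjectContextDemo {

    // Constructed principal; in a real setup a JAAS login module supplies it.
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "NamedPrincipal[" + name + "]"; }
    }

    // The same lookup the question performs inside the bean's business method.
    static Subject currentSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    static String describe(Subject s) {
        return s == null ? "null" : s.getPrincipals().toString();
    }

    public static void main(String[] args) {
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new NamedPrincipal("demo-user"));

        // 1. Plain call: nothing has bound a Subject to the AccessControlContext.
        System.out.println("plain call:         " + describe(currentSubject()));

        // 2. doAs binds the Subject to the context for the duration of the action.
        //    The cast selects the PrivilegedAction overload for the method reference.
        Subject inDoAs = Subject.doAs(authenticated,
                (PrivilegedAction<Subject>) SubjectContextDemo::currentSubject);
        System.out.println("inside doAs:        " + describe(inDoAs));

        // 3. doAsPrivileged with a null context starts from an empty context,
        //    so only the Subject's own association is in effect.
        Subject inPrivileged = Subject.doAsPrivileged(authenticated,
                (PrivilegedAction<Subject>) SubjectContextDemo::currentSubject, null);
        System.out.println("inside doAsPriv.:   " + describe(inPrivileged));

        // 4. The association ends when the action returns.
        System.out.println("after doAs returns: " + describe(currentSubject()));
    }
}
```

Cases 1 and 4 print null, and cases 2 and 3 print the principal set, which matches the reply: code that is not reached through doAs or doAsPrivileged sees no Subject on its AccessControlContext.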