As I am working on some JAAS login modules, I realized that I am spending a lot 
of time building a complete Subject with a bunch of principals attached to it to 
represent all the aspects of the user being authenticated.

Ideally, I'd like to access all those details in my EJB session bean code to do 
finer grained security checks (or even single sign-on to external resources).

The problem is that with my EJB session bean code, I can only access one 
Principal (through the EJBContext), not the complete Subject that was built at 
authentication time.

The different options that I can see are as follows:

1) Do something like Subject.getSubject(AccessController.getContext()) in the 
session bean code to get the subject. It assumes that the app server is calling 
the bean code with a doAs operation, which I do not think is the case with 
JBoss, even if running under a Java security manager.

2) Create my own Principal class or maybe a Group class that is used in my 
login module to create the CallerPrincipal. Such a class could then have all the 
information that I might need in my code.

3) Some kind of other mechanism to access the authenticated subject for each 
request.

Any suggestions/ideas on the best way to do that?

Thanks.

Thomas



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3858084#3858084

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3858084
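As an added illustration (not code from the original post or from JBoss), assuming a hypothetical UserPrincipal class: option 1 only yields a Subject when the caller is running inside Subject.doAs, while option 2 puts the extra attributes on the principal itself, so a bean that only sees getCallerPrincipal() can still reach them after a type check. It assumes a JDK on which Subject.getSubject is still permitted (recent releases require the security manager to be allowed).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;

public class SubjectAccessDemo {

    // Option 2: a Principal that carries the attributes the login module
    // collected, so bean code limited to getCallerPrincipal() still has them.
    public static final class UserPrincipal implements Principal {
        private final String name;
        private final Map<String, String> attributes;

        public UserPrincipal(String name, Map<String, String> attributes) {
            this.name = name;
            this.attributes = Collections.unmodifiableMap(attributes);
        }
        @Override public String getName() { return name; }
        public String getAttribute(String key) { return attributes.get(key); }
        @Override public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    // What a session bean would do with the caller principal it is handed:
    // check the concrete type before trusting any extra attribute.
    static String department(Principal caller) {
        if (caller instanceof UserPrincipal) {
            return ((UserPrincipal) caller).getAttribute("department");
        }
        return null; // a plain principal from another login module carries nothing
    }

    public static void main(String[] args) {
        // Constructed sample subject, standing in for what a login module builds.
        Subject subject = new Subject();
        UserPrincipal caller = new UserPrincipal("thomas",
                Collections.singletonMap("department", "engineering"));
        subject.getPrincipals().add(caller);

        // Option 1: Subject.getSubject sees the subject only inside a doAs;
        // outside of one it returns null, which is the JBoss caveat in the post.
        Subject outside = Subject.getSubject(AccessController.getContext());
        System.out.println("outside doAs: " + outside);

        Subject inside = Subject.doAs(subject, (PrivilegedAction<Subject>) () ->
                Subject.getSubject(AccessController.getContext()));
        System.out.println("inside doAs:  " + inside.getPrincipals());

        // Option 2 needs no doAs: the attributes ride on the principal itself.
        System.out.println("department:   " + department(caller));
    }
}
```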


_______________________________________________
JBoss-user mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-user
