Hey all,
I'm trying desperately to get JOSSO to work with JBoss 4.0.1. In my travels
(with a lot of tracing), I've come across what appears to be the big reason
it's not working at this juncture. It boils down to a change in
JaasSecurityManager between 3.x and 4.x of JBoss in the authenticate method.
You see, right now, when the JOSSO code is calling to get the activeSubject
(with this call: Subject activeSubject = securityMgr.getActiveSubject();), the
result is coming back null.
When I compare the authenticate methods between 3.x and 4.x in the
JaasSecurityManager, 3.x used to make a call to setActivePrincipal that's no
longer being called in 4.x.
Here's the 3.x version of the code (the // <===== are my comments):
| private boolean authenticate(Principal principal, Object credential,
|                              Subject theSubject)
| {
|    Subject subject = null;
|    boolean authenticated = false;
|    LoginException authException = null;
|
|    try
|    {
|       // Clear any current subject
|       SubjectActions.setActiveSubject(null); // <=====
|
|       // Validate the principal using the login configuration for this domain
|       LoginContext lc = defaultLogin(principal, credential);
|       subject = lc.getSubject();
|
|       // Set the current subject if login was successful
|       if( subject != null )
|       {
|          // Copy the current subject into theSubject
|          if( theSubject != null )
|          {
|             SubjectActions.copySubject(subject, theSubject);
|          }
|          else
|          {
|             theSubject = subject;
|          }
|
|          authenticated = true;
|          // Build the Subject based DomainInfo cache value
|          Subject cacheSubject = updateCache(lc, subject, principal, credential);
|          // Associate the subject with the thread
|          SubjectActions.setActiveSubject(cacheSubject); // <=====
|       }
|    }
|
|    ...catch code snipped...
|
Here's the 4.x version:
| private boolean authenticate(Principal principal, Object credential,
|                              Subject theSubject)
| {
|    Subject subject = null;
|    boolean authenticated = false;
|    LoginException authException = null;
|
|    try
|    {
|       // Validate the principal using the login configuration for this domain
|       LoginContext lc = defaultLogin(principal, credential);
|       subject = lc.getSubject();
|
|       // Set the current subject if login was successful
|       if( subject != null )
|       {
|          // Copy the current subject into theSubject
|          if( theSubject != null )
|          {
|             SubjectActions.copySubject(subject, theSubject);
|          }
|          else
|          {
|             theSubject = subject;
|          }
|
|          authenticated = true;
|          // Build the Subject based DomainInfo cache value
|          updateCache(lc, subject, principal, credential);
|       }
|    }
|    ...catch code snipped...
|
As near as I can tell in the code, the setActiveSubject stuff in SubjectActions
has been replaced by push/pop actions (pushSubjectContext).
But no matter what, shouldn't securityMgr.getActiveSubject() return the active
subject, especially if it's just been authenticated?
Thanks for your help!
Marc
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3875969#3875969
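The push/pop association described in the post, shown as an added illustration that is not JBoss code and not part of the original message: a toy model of a per-thread subject-context stack. The class and method names (SubjectContextDemo, pushSubjectContext, popSubjectContext, getActiveSubject) and the constructed "marc"/"secret" check are assumptions for the demo, not JBoss's SubjectActions or JaasSecurityManager. It shows why a successful authenticate() alone leaves the active subject null when nothing has pushed a context on the calling thread, that the association is visible only inside the push/pop window, and that another thread never sees it.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.security.auth.Subject;

// Hypothetical model of a 4.x-style per-thread subject context (demo code, not JBoss).
public class SubjectContextDemo {

    // One context stack per thread: a request thread only sees what was pushed on it.
    private static final ThreadLocal<Deque<Subject>> CONTEXTS =
        ThreadLocal.withInitial(ArrayDeque::new);

    static void pushSubjectContext(Subject s) {
        CONTEXTS.get().push(s);
    }

    static Subject popSubjectContext() {
        Deque<Subject> d = CONTEXTS.get();
        return d.isEmpty() ? null : d.pop();
    }

    // Returns the top of the calling thread's stack, or null if nothing was pushed.
    static Subject getActiveSubject() {
        return CONTEXTS.get().peek();
    }

    // Stand-in for the 4.x authenticate(): fills the caller's Subject on success
    // but deliberately does NOT associate it with the thread (that is the caller's job).
    static boolean authenticate(String user, char[] password, Subject out) {
        // Constructed credential check for the demo; a real login goes through a LoginContext.
        boolean ok = "marc".equals(user) && "secret".equals(new String(password));
        if (ok) {
            out.getPrincipals().add((Principal) () -> user);
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        Subject subj = new Subject();
        boolean ok = authenticate("marc", "secret".toCharArray(), subj);
        // Authenticated, yet no active subject: nothing has pushed a context on this thread.
        System.out.println("after authenticate: ok=" + ok + " active=" + getActiveSubject());

        // The container pushes the context for the duration of the request and pops it after.
        pushSubjectContext(subj);
        try {
            System.out.println("inside request: active=" + getActiveSubject().getPrincipals());
            // The association is thread-local, so a different thread sees null.
            Thread t = new Thread(() ->
                System.out.println("other thread: active=" + getActiveSubject()));
            t.start();
            t.join();
        } finally {
            popSubjectContext();
        }
        // Outside the push/pop window the active subject is null again.
        System.out.println("after pop: active=" + getActiveSubject());
    }
}
```

Run with javac/java; it needs only the JDK. The practical point for code that calls getActiveSubject() after authenticating: it must run on the thread that pushed the context and before the matching pop, or it must push the subject itself and pop in a finally block so a failed request does not leave a stale subject on a pooled thread.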
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user