Hello, I am trying to integrate a custom user authentication mechanism with JRUN4 using JAAS.
I created the required JAAS Login module, changed the auth.config file and JRUN is successfully invoking my Login Module for authentication. In the commit method of the Login Module, I am attaching some Principals and credentials to the subject passed on to me by the login context.

Now I need to access the principals and credentials I have attached to the subject from my JSPs/servlets/helper class. But I don't see any way I can get the reference of the 'Subject' that is currently associated with the request thread. I tried request.getUserPrincipal(), but it is returning me an object of class jrun.servlet.security.AuthenticatedPrincipal instead of the principal that I have attached to the subject. Is this a bug or intended behavior?

Also, how will I access the credentials? For that I have to first get hold of the 'Subject' that is currently associated with the request. How will I do this in Jrun4?

Also, as per JAAS, had Jrun associated the authenticated subject with the AccessControllerContext of the thread, I would have easily got the reference from the thread stack by calling Subject.getSubject(AccessController.getContext()). Since this function returns null, I assume JRUN4 is not following the standard security context propagation specified by JAAS. If Jrun is using a custom mechanism for storing the current authenticated SecurityContext, what is the standard programming API for accessing it? I explored the JRunSecurityManager API, got the SecurityManager object from JNDI, but failed to locate any method that returns me the 'SecurityContext' associated with the current request.

I appreciate any hints/workarounds anyone in this group can suggest to solve this issue.

Regards,
Sieijish Dominic.
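
The standard JAAS propagation the post refers to, as an added example that is not part of the original message and is not JRun code: Subject.getSubject(AccessController.getContext()) returns a Subject only when the calling code runs inside Subject.doAs (or doAsPrivileged), and returns null otherwise. The class name, AppUserPrincipal and the sample values are hypothetical, and the code assumes a JDK on which Subject.getSubject(AccessControlContext) is still supported (it is deprecated in recent releases).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class SubjectPropagationDemo {

    // Hypothetical custom principal, standing in for one attached in LoginModule.commit().
    static final class AppUserPrincipal implements Principal {
        private final String name;
        AppUserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof AppUserPrincipal && ((AppUserPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // What a servlet or helper class would call to find the Subject bound to this thread.
    static Subject currentSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    public static void main(String[] args) {
        // Populate a Subject the way a LoginModule's commit() does (constructed values).
        Subject subject = new Subject();
        subject.getPrincipals().add(new AppUserPrincipal("constructed-user"));
        subject.getPrivateCredentials().add("constructed-session-token");

        // No doAs on the stack: nothing is bound to the access control context.
        System.out.println("outside doAs: " + currentSubject());   // null

        // Inside doAs the same lookup returns the Subject with its custom principals.
        Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
            Subject bound = currentSubject();
            for (AppUserPrincipal p : bound.getPrincipals(AppUserPrincipal.class)) {
                System.out.println("principal: " + p.getName());
            }
            // Report only the count; credential values should not be logged.
            System.out.println("private credentials: "
                    + bound.getPrivateCredentials(String.class).size());
            return null;
        });
    }
}
```

A null result from the lookup therefore only shows that the request thread was not dispatched through doAs; it does not show where a container keeps the authenticated Subject.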
