Is there any update on this issue (https://issues.apache.org/jira/browse/KI-22)? I am getting into the Apache Ki project and I believe I am running into this exact issue. Basically, it would be ideal to get a Subject using some data, such as the session ID, as I am trying to use Ki outside of the typical web application context. Since getting a session/subject seems to be tied to the thread context coming from an InetAddress, I can't get the proper subject.

I'm a bit new to Apache Ki, so forgive me if I am missing anything obvious. It's a great project based on my experience so far.

What I'm trying to do is implement something similar to OpenSSO's REST interface (http://blogs.sun.com/indira/entry/rest_based_identity_services_in). So basically, I would like to have a dedicated Apache Ki powered security service application that is functioning as a simple identity management/SSO/security service solution that other applications can use via a REST interface or something else. If you take a look at OpenSSO's REST interface, it uses the session id token (returned from a successful authentication request) in a similar way. I'm not saying this is exactly how it should be done, of course - just pointing it out.

Any suggestions?

Thanks much,
Craig

Les Hazlewood-2 wrote:
>
> I was playing around with potential solutions this weekend for assumed
> identity support as well as thinking about how to acquire a Subject without
> requiring a log in by the software developer and this issue:
>
> https://issues.apache.org/jira/browse/JSEC-17
>
> is very much related to this thread. It goes back to being able to acquire
> a Subject instance based on some initial set of data. In SSO applications,
> that 'initial set of data' might be just an SSO Token (e.g. session id). In
> a daemon process, it could be a PrincipalCollection instance. Or maybe it's
> just a single principal.
>
> I think we'll need the ability to do this - not just get the 'current'
> subject.
>
> Might this be related to assuming an identity? At first glance, I think it
> is an orthogonal issue. I'm not sure that this:
>
>     securityManager.getSubject( initData );
>
> is (or should be) semantically equivalent to this:
>
>     Subject subject = securityManager.getSubject();
>     subject.assumeIdentity( initData );
>
> Thoughts?
>

--
View this message in context: http://n2.nabble.com/Subject-access-outside-of-a-web-environment-tp1694632p2914755.html
Sent from the JSecurity Developer mailing list archive at Nabble.com.
