One thing I just noticed - I looked at the DefaultSecurityManager class and noticed the private method getSubjectBySessionId(Serializable sessionId) that seems to be what I'm looking for. Is there a reason why this is a private method instead of a public one?
Thanks much,
Craig

Les Hazlewood-2 wrote:
>
> I was playing around with potential solutions this weekend for assumed
> identity support as well as thinking about how to acquire a Subject without
> requiring a log in by the software developer and this issue:
>
> https://issues.apache.org/jira/browse/JSEC-17
>
> is very much related to this thread. It goes back to being able to acquire
> a Subject instance based on some initial set of data. In SSO applications,
> that 'initial set of data' might be just an SSO Token (e.g. session id). In
> a daemon process, it could be a PrincipalCollection instance. Or maybe it's
> just a single principal.
>
> I think we'll need the ability to do this - not just get the 'current'
> subject.
>
> Might this be related to assuming an identity? At first glance, I think it
> is an orthogonal issue. I'm not sure that this:
>
>     securityManager.getSubject( initData );
>
> is (or should be) semantically equivalent to this:
>
>     Subject subject = securityManager.getSubject();
>     subject.assumeIdentity( initData );
>
> Thoughts?
>

--
View this message in context: http://n2.nabble.com/Subject-access-outside-of-a-web-environment-tp1694632p2915136.html
Sent from the JSecurity Developer mailing list archive at Nabble.com.
