Re: Question about default subject in tomcat integration
DJ, Didn't you write the DefaultSubjectValve? ;-) Jeff David Jencks wrote: In GeronimoStandardContext this is the code that sets up the DefaultSubjectValve: //This is definitely a hack, but I don't see a reasonable way to install the defaultSubject. //Obviously this won't work if there are permissions. Setting the default subject if there are //permissions breaks authentication. boolean hasPermissions = securityHolder.getChecked().elements().hasMoreElements() || securityHolder.getExcluded().elements().hasMoreElements(); Valve defaultSubjectValve; if (!hasPermissions defaultSubject != null) { defaultSubjectValve = new DefaultSubjectValve(defaultSubject); } else { //this will clear the thread of any read subject added by some other web app defaultSubjectValve = new DefaultSubjectValve(null); } addValve(defaultSubjectValve); In DefaultSubjectValve, the operative code is: public void invoke(Request request, Response response) throws IOException, ServletException { boolean setSubject = ContextManager.getCurrentCaller() == null; if (setSubject) { ContextManager.setCurrentCaller(defaultSubject); ContextManager.setNextCaller(defaultSubject); try { getNext().invoke(request, response); } finally { ContextManager.setCurrentCaller(null); ContextManager.setNextCaller(null); } } else { getNext().invoke(request, response); } } This doesn't make any sense to me. If DefaultSubjectValve.defaultSubject is null, then DefaultSubjectValve will clear nextCaller if currentCaller is null, otherwise do nothing. I doubt this is critical functionality. However, it appears to me that the code in GeronimoStandardContext that sets DefaultSubjectValve.defaultSubject to null if the web app has checked constraints appears to me to prevent the default subject from being set for that portion of the app that is unsecured, which is where I thought it was important. Could someone explain just how always using the actual defaultSubject breaks authentication? thanks david jencks
Re: Question about default subject in tomcat integration
On Jan 4, 2006, at 2:49 PM, Jeff Genender wrote: DJ, Didn't you write the DefaultSubjectValve? ;-) That was three months ago! How do you expect me to remember such ancient history ??? :-) So, it looks to me as if GERONIMO-1012 was, as I thought, not complete and you shouldn't have closed it :-) Will continue investigating. Do you know of any way to install a valve AFTER the ones tomcat installs for you, or a way to change what those valves are? I think putting the DefaultSubjectValve after the authentication happens would fix the problems. thanks david jencks Jeff David Jencks wrote: In GeronimoStandardContext this is the code that sets up the DefaultSubjectValve: //This is definitely a hack, but I don't see a reasonable way to install the defaultSubject. //Obviously this won't work if there are permissions. Setting the default subject if there are //permissions breaks authentication. boolean hasPermissions = securityHolder.getChecked().elements().hasMoreElements() || securityHolder.getExcluded().elements().hasMoreElements(); Valve defaultSubjectValve; if (!hasPermissions defaultSubject != null) { defaultSubjectValve = new DefaultSubjectValve(defaultSubject); } else { //this will clear the thread of any read subject added by some other web app defaultSubjectValve = new DefaultSubjectValve (null); } addValve(defaultSubjectValve); In DefaultSubjectValve, the operative code is: public void invoke(Request request, Response response) throws IOException, ServletException { boolean setSubject = ContextManager.getCurrentCaller() == null; if (setSubject) { ContextManager.setCurrentCaller(defaultSubject); ContextManager.setNextCaller(defaultSubject); try { getNext().invoke(request, response); } finally { ContextManager.setCurrentCaller(null); ContextManager.setNextCaller(null); } } else { getNext().invoke(request, response); } } This doesn't make any sense to me. If DefaultSubjectValve.defaultSubject is null, then DefaultSubjectValve will clear nextCaller if currentCaller is null, otherwise do nothing. I doubt this is critical functionality. However, it appears to me that the code in GeronimoStandardContext that sets DefaultSubjectValve.defaultSubject to null if the web app has checked constraints appears to me to prevent the default subject from being set for that portion of the app that is unsecured, which is where I thought it was important. Could someone explain just how always using the actual defaultSubject breaks authentication? thanks david jencks
Re: Question about default subject in tomcat integration
David Jencks wrote: On Jan 4, 2006, at 2:49 PM, Jeff Genender wrote: DJ, Didn't you write the DefaultSubjectValve? ;-) That was three months ago! How do you expect me to remember such ancient history ??? :-) So, it looks to me as if GERONIMO-1012 was, as I thought, not complete and you shouldn't have closed it :-) Well it worked! That was good enough for me ;-) Will continue investigating. Do you know of any way to install a valve AFTER the ones tomcat installs for you, or a way to change what those valves are? I think putting the DefaultSubjectValve after the authentication happens would fix the problems. When an addValve() is done, it goes to the end of the pipeline. So its already after authenticating valves. Can you explain a little more in detail of the issue regarding when the defaultSubject needs to be there (or doesn't), then I can probably help with a solution here. Jeff thanks david jencks Jeff David Jencks wrote: In GeronimoStandardContext this is the code that sets up the DefaultSubjectValve: //This is definitely a hack, but I don't see a reasonable way to install the defaultSubject. //Obviously this won't work if there are permissions. Setting the default subject if there are //permissions breaks authentication. boolean hasPermissions = securityHolder.getChecked().elements().hasMoreElements() || securityHolder.getExcluded().elements().hasMoreElements(); Valve defaultSubjectValve; if (!hasPermissions defaultSubject != null) { defaultSubjectValve = new DefaultSubjectValve(defaultSubject); } else { //this will clear the thread of any read subject added by some other web app defaultSubjectValve = new DefaultSubjectValve(null); } addValve(defaultSubjectValve); In DefaultSubjectValve, the operative code is: public void invoke(Request request, Response response) throws IOException, ServletException { boolean setSubject = ContextManager.getCurrentCaller() == null; if (setSubject) { ContextManager.setCurrentCaller(defaultSubject); ContextManager.setNextCaller(defaultSubject); try { getNext().invoke(request, response); } finally { ContextManager.setCurrentCaller(null); ContextManager.setNextCaller(null); } } else { getNext().invoke(request, response); } } This doesn't make any sense to me. If DefaultSubjectValve.defaultSubject is null, then DefaultSubjectValve will clear nextCaller if currentCaller is null, otherwise do nothing. I doubt this is critical functionality. However, it appears to me that the code in GeronimoStandardContext that sets DefaultSubjectValve.defaultSubject to null if the web app has checked constraints appears to me to prevent the default subject from being set for that portion of the app that is unsecured, which is where I thought it was important. Could someone explain just how always using the actual defaultSubject breaks authentication? thanks david jencks