javax.security.auth.subject disappears
Hi,
I'm running tomcat 5 with -security option and I'm using JAAS login module.
In the jsp pages in first request after I have identified my self Subject is null.
When I hit refresh (second request) Subject is correct subject with principals etc.
But after that in all requests Subject is empty, no principals etc.
I use follwing code to get Subject:
AccessControlContext acc = AccessController.getContext();
Subject sub = Subject.getSubject(acc);
I checked tomcat src code that it uses javax.security.auth.subject attribute to store
Subject in session.
CoyoteRequest.java
public void setUserPrincipal(Principal principal) {
if (System.getSecurityManager() != null){
HttpSession session = getSession(false);
if ( (subject != null)
(!subject.getPrincipals().contains(principal)) ){
subject.getPrincipals().add(principal);
} else if (session != null
session.getAttribute(Globals.SUBJECT_ATTR) == null) {
subject = new Subject();
subject.getPrincipals().add(principal);
}
if (session != null){
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
}
this.userPrincipal = principal;
}
I guess that session.getAttribute(Globals.SUBJECT_ATTR) is somehow null after second
request..
Any ideas what is causing this and how can I fix it?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: javax.security.auth.subject disappears
I resolved this. The problem was in SecurityUtil.java execute method.
fixed code in execute method:
...
if (subject == null){
subject = new Subject();
//I added following two lines
if (principal != null)
subject.getPrincipals().add(principal);
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
...
-Original Message-
From: Janne Väänänen
Sent: 17. toukokuuta 2004 12:12
To: [EMAIL PROTECTED]
Subject: javax.security.auth.subject disappears
Filter detected spam
Hi,
I'm running tomcat 5 with -security option and I'm using JAAS login module.
In the jsp pages in first request after I have identified my self Subject is null.
When I hit refresh (second request) Subject is correct subject with principals etc.
But after that in all requests Subject is empty, no principals etc.
I use follwing code to get Subject:
AccessControlContext acc = AccessController.getContext();
Subject sub = Subject.getSubject(acc);
I checked tomcat src code that it uses javax.security.auth.subject attribute to store
Subject in session.
CoyoteRequest.java
public void setUserPrincipal(Principal principal) {
if (System.getSecurityManager() != null){
HttpSession session = getSession(false);
if ( (subject != null)
(!subject.getPrincipals().contains(principal)) ){
subject.getPrincipals().add(principal);
} else if (session != null
session.getAttribute(Globals.SUBJECT_ATTR) == null) {
subject = new Subject();
subject.getPrincipals().add(principal);
}
if (session != null){
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
}
this.userPrincipal = principal;
}
I guess that session.getAttribute(Globals.SUBJECT_ATTR) is somehow null after second
request..
Any ideas what is causing this and how can I fix it?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: javax.security.auth.subject disappears
Janne Väänänen wrote:
I resolved this. The problem was in SecurityUtil.java execute method.
fixed code in execute method:
...
if (subject == null){
subject = new Subject();
//I added following two lines
if (principal != null)
subject.getPrincipals().add(principal);
OK I will take a look and port your fix.
Thanks
-- Jeanfrancois
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
...
-Original Message-
From: Janne Väänänen
Sent: 17. toukokuuta 2004 12:12
To: [EMAIL PROTECTED]
Subject: javax.security.auth.subject disappears
Filter detected spam
Hi,
I'm running tomcat 5 with -security option and I'm using JAAS login module.
In the jsp pages in first request after I have identified my self Subject is null.
When I hit refresh (second request) Subject is correct subject with principals etc.
But after that in all requests Subject is empty, no principals etc.
I use follwing code to get Subject:
AccessControlContext acc = AccessController.getContext();
Subject sub = Subject.getSubject(acc);
I checked tomcat src code that it uses javax.security.auth.subject attribute to store
Subject in session.
CoyoteRequest.java
public void setUserPrincipal(Principal principal) {
if (System.getSecurityManager() != null){
HttpSession session = getSession(false);
if ( (subject != null)
(!subject.getPrincipals().contains(principal)) ){
subject.getPrincipals().add(principal);
} else if (session != null
session.getAttribute(Globals.SUBJECT_ATTR) == null) {
subject = new Subject();
subject.getPrincipals().add(principal);
}
if (session != null){
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
}
this.userPrincipal = principal;
}
I guess that session.getAttribute(Globals.SUBJECT_ATTR) is somehow null after second
request..
Any ideas what is causing this and how can I fix it?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
