Viktor Matic wrote:
On Wed, 2004-05-19 at 18:49, Jeanfrancois Arcand wrote:
/*This line is in servlet service method*/
Subject.doAsPrivileged(subject, new SecuredActions(), null );
Yes, that's probably the problem since SecurityUtil has already set that
value. The AccessControlContext already has the Subject attached to it.
You may want to try:
Subject.getSubject(AccessController.getContext());
I have checked SecurityUtil class. If I understand it well it invokes
servlet service method with the doAsPrivileged and the subject cached in
the HttpSession. If I check current Subject with
Subject.getSubject(AccessController.getContext()) inside service method
before I call my doAsPrivileged it returns null.
So I use my subject (which I get from login context with
lc.getSubject()) to execute Subject.doAsPrivileged(subject, new
SecuredActions(), null )
protected code which in turn checks the subject permission.
So I can try to describe whole situation as I see it:
First, servlet service method is called as doAsPrivileged with null
subject (which is cached in HttpSession) then I invoke doAsPrivileged
within service method with subject generated in Login procedure on
SecuredAction class. Here something goes wrong and I can't get what!?
This is probably related to the subject configuration. Can you create a
small test case that reproduces the problem? I will be able to better see
what's happening.
(P.S. This works fine on Tomcat 4.1.30; maybe we should check
SecurityUtil class implementation there?)
There is no such class in 4.x. This was added in 5.x. That's why I
suspect the problem is with that class.
Thanks
-- Jeanfrancois
Viktor
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
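
An added example, not code from either poster or from Tomcat: a stand-alone program that reproduces the nesting discussed above outside any container, printing which Subject `Subject.getSubject(AccessController.getContext())` sees at each level. The class `NestedDoAsDemo`, the `NamePrincipal` type and the name "viktor" are constructed for illustration, and it assumes a JDK on which these legacy `javax.security.auth.Subject` calls still function (they are deprecated in current JDKs).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class NestedDoAsDemo {

    // Constructed principal standing in for what a LoginModule would add.
    static final class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return name; }
    }

    static Subject subjectFor(String name) {
        Subject s = new Subject();
        s.getPrincipals().add(new NamePrincipal(name));
        return s;
    }

    // Report which Subject is bound to the current AccessControlContext.
    static String current() {
        Subject s = Subject.getSubject(AccessController.getContext());
        return s == null ? "null" : s.getPrincipals().toString();
    }

    public static void main(String[] args) {
        Subject login = subjectFor("viktor"); // plays the role of lc.getSubject()

        System.out.println("outside any doAs:     " + current());

        // Outer call with a null Subject, as the thread describes the wrapper doing.
        Subject.doAsPrivileged(null, (PrivilegedAction<Void>) () -> {
            System.out.println("outer, null subject:  " + current());
            // Inner call, as made from the servlet's service method.
            Subject.doAsPrivileged(login, (PrivilegedAction<Void>) () -> {
                System.out.println("inner, login subject: " + current());
                return null;
            }, null);
            // The inner binding ends when the inner action returns.
            System.out.println("back in outer:        " + current());
            return null;
        }, null);
    }
}
```

Running the same sequence inside the servlet and comparing the output with this baseline separates plain JDK behaviour from anything the container's wrapper or policy configuration adds.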