Matt Harrison wrote:
Hi
I've implemented a JAAS Realm authentication module for my servlet/JSP web-app which is working a treat.
Can anybody tell me how to access in my servlets the
javax.security.auth.Subject object generated at login?
You can get it using
Subject.getSubject(AccessController.getContext())
This fronts an existing application and I would like to store the
user-specific jdbc database connection object generated at login as a
credential within the Subject and use it within the session context of my
web-app. I know that I could capture the username and password with a filter
and recreate the db connection post authentication, but I guess this kind of
defeats the purpose of container based security and creates unnecessary
session creation work at the database.
Tomcat 5 store the Subject as an attribute. Do a:
getAttribute("javax.security.auth.subject")
but this will not be portable (will works with JBoss/SunOne :-) ). An new API willprobably be added in Servlet 2.5 to address that missing part.
-- Jeanfrancois
Thanks in advance
Matt
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]