Hi Juergen,
I don't remember everything about how the OpenEJB remote auth works. Maybe if
you show your app client login config it would help :-)
In general the server shouldn't trust subjects sent from arbitrary clients. Why
should it trust the client? The ServerIdentityToken is a private credential,
not a principal, right?
There's some CORBA CSIv2 stuff you can set up if you really want a way for the
server to trust subjects from your app client, but generally the OpenEJB remote
login way is simpler.
thanks
david jencks
On Jul 18, 2012, at 11:25 AM, weberjn wrote:
> David,
>
> thanks, I tried this now,
> ContextManager.getCurrentCaller() returns after setCallers
> Private Credential: org.apache.geronimo.openejb.ServerIdentityToken@c2015793
>
> but in the EJB ctx.getCallerPrincipal().getName() returns UNAUTHENTICATED
>
> This is a 2.1 EJB with <method-permission> <unchecked />
> but still I think the principal should be transferred, shouldn't it?
>
> Juergen
>
>
> David Jencks wrote
>>
>> Is this code run in the app client?
>>
>> I think there is no pre-existing logged in Subject? This will mean the
>> oldCallers below will have no Subjects in it.
>>
>> I think you want
>>
>>     ContextManager.setCallers(subject, subject);
>>     try {
>>         //whatever
>>     } finally {
>>         ContextManager.clearCallers();
>>     }
>>
>> thanks
>> david jencks
>>
>> On Jul 18, 2012, at 8:50 AM, weberjn wrote:
>>
>>> Hi,
>>>
>>> I still need nested security context, to invoke EJBs from an application
>>> client with changing subjects.
>>>
>>> I tried the ContextManager code below, but it does not work; the current
>>> subject is null.
>>> Is there better code for this?
>>>
>>> Thanks, Juergen
>>>
>>> See also:
>>> https://issues.apache.org/jira/browse/GERONIMO-4765
>>> https://java2s.com/Open-Source/Java/EJB-Server/geronimo/security/org/apache/geronimo/security/ContextManagerTest.java.htm
>>>
>>>
>>>     context.login();
>>>     Subject subject = context.getSubject();
>>>
>>>     ContextManager.registerSubject(subject);
>>>     Callers oldCallers = ContextManager.pushNextCaller(subject);
>>>     // somewhere else in the call chain
>>>     try
>>>     {
>>>         Subject subject1 = ContextManager.getCurrentCaller();
>>>
>>>         System.out.println("getCurrentSubject1() -> " + subject1);
>>>
>>>         // invoke EJB here under subject1
>>>     }
>>>     finally
>>>     {
>>>         ContextManager.popCallers(oldCallers);
>>>     }
>>>
>>> getCurrentSubject1() -> null
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://apache-geronimo.328035.n3.nabble.com/API-for-nested-subjects-tp3985483.html
>>> Sent from the Users mailing list archive at Nabble.com.
>>
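
Added example (not part of the thread, and not Geronimo or OpenEJB code): a self-contained Java model of the two points discussed above, namely nested callers restored with try/finally, and a Subject that holds only a private credential yielding no caller name. `CALLERS`, `runAs`, `callerName` and `NamedPrincipal` are hypothetical names; only `javax.security.auth.Subject` and `java.security.Principal` are real JDK APIs, and Java 16+ is assumed for the record.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.security.auth.Subject;

public class NestedCallerDemo {
    // Constructed principal type for the demo.
    record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical per-thread caller stack; a stand-in, not Geronimo's ContextManager.
    private static final ThreadLocal<Deque<Subject>> CALLERS =
            ThreadLocal.withInitial(ArrayDeque::new);

    // Run an action with `caller` on top of the stack, then restore the previous caller.
    static void runAs(Subject caller, Runnable action) {
        CALLERS.get().push(caller);
        try {
            action.run();
        } finally {
            CALLERS.get().pop(); // always restore, even if the call throws
        }
    }

    // A caller name can only come from a Principal; credentials carry none.
    static String callerName() {
        Subject s = CALLERS.get().peek();
        if (s == null) return "UNAUTHENTICATED";
        return s.getPrincipals().stream().findFirst()
                .map(Principal::getName).orElse("UNAUTHENTICATED");
    }

    public static void main(String[] args) {
        Subject alice = new Subject();
        alice.getPrincipals().add(new NamedPrincipal("alice"));

        Subject tokenOnly = new Subject();
        tokenOnly.getPrivateCredentials().add(new Object()); // opaque token, no principal

        System.out.println("outside: " + callerName());
        runAs(alice, () -> {
            System.out.println("outer: " + callerName());
            runAs(tokenOnly, () -> System.out.println("nested: " + callerName()));
            System.out.println("outer again: " + callerName());
        });
        System.out.println("after: " + callerName());
    }
}
```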