Did you try with CXF 3.0.2? The older versions of CXF did not set the
AccessControlContext.

Btw, if you use Blueprint you can also try the JAAS authorization
Blueprint extension.
See
https://github.com/apache/aries/blob/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java

Christian

On 18.01.2015 at 13:29, Niels Bertram wrote:
I am trying to get the contexts Principal from the
AccessControlContext as documented on stackexchange
<http://stackoverflow.com/questions/20970380/get-current-user-in-an-osgi-context-fuse-karaf>.
Unfortunately whenever I retrieve the subject using the current
AccessControlContext, the subject is null.
I basically create a very simple jaxrs server and register the CXF
JAASAuthenticationFilter with the server:

    <bean id="authenticationFilter"
          class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter">
        <property name="contextName" value="karaf" />
    </bean>

    <jaxrs:server id="echoResource" address="/rest/echo">
        <jaxrs:serviceBeans>
            <bean class="org.apache.karaf.jaas.modules.mongo.test.EchoServiceImpl" />
        </jaxrs:serviceBeans>
        <jaxrs:providers>
            <ref component-id="authenticationFilter" />
        </jaxrs:providers>
    </jaxrs:server>

When I execute the REST service, I try to get the Subject in the code
as below but it is always null:

    AccessControlContext acc = AccessController.getContext();
    if (acc == null) {
        throw new RuntimeException("access control context is null");
    }
    Subject subject = Subject.getSubject(acc);
    if (subject == null) {
        throw new RuntimeException("subject is null");
    }

Interestingly if I inject the javax.ws.rs.core.SecurityContext into
the CXF REST service, I do get a security principal.

    public Response echo(@Context SecurityContext context) {
        Principal user = context.getUserPrincipal();
    }

Is there another configuration required in Karaf or is this a bug in
either Karaf or CXF? Would love to hear if anyone else came across this.
Cheers, Niels
BTW: I tried the same in Karaf 2.3.9, 2.4.1 and 3.0.2 with the exact same
result.
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
Talend Application Integration Division http://www.talend.com
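
The behaviour discussed in this thread, as an added standalone example that is not code from either poster, CXF or Karaf: `Subject.getSubject(AccessController.getContext())` only returns a Subject on a call path that was entered through `Subject.doAs`, so a filter that authenticates without wrapping the invocation leaves the lookup at null. The class name, the `NamedPrincipal` helper and the user name `alice` are constructed for illustration, and a Java 8 to 17 runtime, where the `AccessController` API is still functional, is assumed.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class SubjectContextDemo {

    // Hypothetical minimal Principal; a real JAAS login module supplies its own types.
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Same lookup as in the question: the Subject bound to the current AccessControlContext.
    static String currentUser() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return null; // no Subject.doAs frame on this call path
        }
        for (Principal p : subject.getPrincipals()) {
            return p.getName();
        }
        return ""; // Subject present but carries no principals
    }

    public static void main(String[] args) {
        // Constructed Subject standing in for the result of a successful JAAS login.
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new NamedPrincipal("alice"));

        // Case 1: the login succeeded, but the service method is called directly.
        // The Subject exists as an object, yet nothing ties it to the call stack.
        System.out.println("plain call  : " + currentUser());

        // Case 2: the caller wraps the invocation in Subject.doAs, which binds the
        // Subject to the AccessControlContext for the duration of the action.
        String inside = Subject.doAs(authenticated,
                (PrivilegedAction<String>) SubjectContextDemo::currentUser);
        System.out.println("inside doAs : " + inside);

        // Case 3: the binding ends when doAs returns; it is not thread-wide state.
        System.out.println("after doAs  : " + currentUser());
    }
}
```

Authorization code that depends on this lookup should treat a null Subject as unauthenticated and deny, since the null only says that no `doAs` frame is on the stack.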