One thing to clarify the problem:
I'm trying to use authentication and authorization in a whiteboard servlet.
There is code like this in doGet for debugging:

LoginContext lc = new LoginContext("umrp-realm", callbackHandler);
lc.login();
System.out.println(lc.getSubject().getPrincipals());
Subject subject = Subject.getSubject(AccessController.getContext());
System.out.println(subject == null);

I have a subject in loginContext after login, but subject in
AccessControlContext is null.
So calling the secured methods fails with
/java.security.AccessControlException No JAAS login present/.
Am I doing something wrong?


kuvalda wrote
> Hi, Christian!
> I have questions about getting the authentication result in a place
> different from where we do authentication.
> There is this description of the Subject.getSubject method in the Javadoc:
>
> Get the Subject associated with the provided AccessControlContext. 
> The AccessControlContext may contain many Subjects (from nested doAs
> calls). In this situation, the most recent Subject associated with the
> AccessControlContext is returned.
>
> 
> So we can get that:
> 1. There is no Subject in the AccessControlContext if we don't call any
> secured method. It means that just after a simple LoginContext.login()
> we can't get a Subject from the AccessControlContext.
> 2. If another Subject calls some secured method in the same thread, it
> replaces the current Subject in the AccessControlContext, and the result of
> Subject.getSubject() will be different.
> 
> Thanks!
> Pavel
> cschneider wrote
>> There is one more thing you should look into. Quite often you will need 
>> the authentication result in a place different from the place where you 
>> do the authentication.
>> Passing the subject around is not very effective.
>> 
>> Luckily there is a quite unknown way in JAAS to do this:
>> 
>> AccessControlContext acc = AccessController.getContext();
>> Subject subject = Subject.getSubject(acc);
>> 
>> This allows you to get the subject at any place in your code.





-----
Pavel
--
View this message in context: 
http://karaf.922171.n3.nabble.com/Security-in-Module-tp4039307p4040447.html
Sent from the Karaf - User mailing list archive at Nabble.com.
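
The behaviour discussed in this thread, as an added example that is not part of the original messages: a Subject is only visible through the AccessControlContext while code runs inside Subject.doAs, and with nested doAs calls the most recent Subject is the one returned. The class name, the UserPrincipal type and the authenticated() helper are constructed stand-ins for the result of lc.login(); it assumes a Java version in which AccessController and Subject.getSubject behave as in the thread (both are deprecated in newer JDKs).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class SubjectContextDemo {

    // Constructed stand-in for the principal a login module would add.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    // Constructed stand-in for lc.getSubject() after a successful lc.login().
    static Subject authenticated(String user) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(user));
        return s;
    }

    // The lookup used in the thread: the Subject bound to the current context.
    static Subject current() {
        return Subject.getSubject(AccessController.getContext());
    }

    public static void main(String[] args) {
        Subject alice = authenticated("alice");
        Subject bob = authenticated("bob");

        // Holding an authenticated Subject does not bind it to the thread.
        System.out.println("outside doAs:  " + current());

        Subject.doAs(alice, (PrivilegedAction<Void>) () -> {
            // Inside doAs the Subject is associated with the context.
            System.out.println("inside alice:  " + current().getPrincipals());
            // Nested doAs: the most recent Subject is the one returned.
            Subject.doAs(bob, (PrivilegedAction<Void>) () -> {
                System.out.println("nested bob:    " + current().getPrincipals());
                return null;
            });
            // The outer association is visible again once the nested call returns.
            System.out.println("back in alice: " + current().getPrincipals());
            return null;
        });

        // The association ends when doAs returns.
        System.out.println("after doAs:    " + current());
    }
}
```

In a servlet, the same pattern means wrapping the call to the secured method in Subject.doAs with the Subject obtained from the LoginContext.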
