"[EMAIL PROTECTED]" wrote : No, the getActiveSubject is not a reliable call as evidenced by the change in behavior. 4.0.x no longer has a side effect of setting the thread subject on return from the authenticate method. Its the jobs of the caller of authenticate to establish whether or not there is a caller. |
Thanks for your reply. However, if it's not reliable, then the JaasSecurityManager class has other problems. The doesUserHaveRole methods (both), and the getUserRoles method expect this to be reliable. And, just grepping around the source, I find several classes that seem to rely on this being a reliable method: JBossAuthenticationHandler.java SubjectSecurityProxy.java (several places) SecurityDomainContext.java SecurityDomainEditor.java ...Several others... View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876147#3876147 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876147 ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user