Hi, I'm trying to access a session bean on a second JBoss instance. Therefore I do a login for the second server using the method SecurityAssociation.pushSubjectContext(...). After the call I use SecurityAssociation.popSubjectContext() to restore the previous login. But it seems that after this call the login is still the principal of the second login! So I looked up the code for popSubjectContext, which looks like this:
public static SubjectContext popSubjectContext() | { | SecurityManager sm = System.getSecurityManager(); | if (sm != null) | sm.checkPermission(setPrincipalInfoPermission); | | SubjectContext sc = threadSubjectStacks.pop(); | return sc; | } In my opinion something is missing here. The current Prinicipal and Credentials should be set to the values of the SubjectContext element at the top of the stack. Something like this: public static SubjectContext popSubjectContext() | { | SecurityManager sm = System.getSecurityManager(); | if (sm != null) | sm.checkPermission(setPrincipalInfoPermission); | | SubjectContext sc = threadSubjectStacks.pop(); | SubjectContext top = threadSubjectStacks.peek(); | if (server) { | threadPrincipal.set(top.getPrincipal()); | threadCredential.set(top.getCredential()); | } else { | SecurityAssociation.principal = top.getPrincipal(); | SecurityAssociation.credential = top.getCredential(); | } | return sc; | } Is this correct? Or am I doing something really bad here? As a workaroud I am currently doing this in my code, which does the same without patching SecurityAssociation: | // login to second JBoss | SecurityAssociation.pushSubjectContext(null, new SimplePrincipal(username), password.toCharArray()); | // do call on second JBoss | ... | // now restore the previous login | // remove second login first | SecurityAssociation.popSubjectContext(); | // get previuous login | SubjectContext previous = SecurityAssociation.popSubjectContext(); | // re-login with previous principal and credentials | SecurityAssociation.pushSubjectContext(null, previous.getPrincipal(), previous.getCredential()); | Thanks for any comments on this! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3932819#3932819 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3932819 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user