[jboss-user] [Security & JAAS/JBoss] - Re: auth-method Form and Subject access

2006-07-13 Thread j2ee_junkie
atorres, Warren6 is just plain silly. There are at least two ways to get the Authenticated Subject. I think all of them are JBoss dependent; not sure if this is a problem for you. However... 1.) the way you have done it is a great way using JNDI 2.) tomcat service has a SubjectAttributeNam

[jboss-user] [Security & JAAS/JBoss] - Re: auth-method Form and Subject access

2006-07-12 Thread atorres
The Principal returned by the request is a SimplePrincipal, it doesn't have the getSubject method :( I discovered that the subject is in the JNDI tree: ctx.lookup("java:/comp/env/security/subject"); another interesting thing is that if I create the subject myself by using the LoginContext, no

[jboss-user] [Security & JAAS/JBoss] - Re: auth-method Form and Subject access

2006-07-12 Thread warrenc6
Just an afterthought. If you subclass realm and genericprincipal and add a principal.getSubject() method then return the original subject. Then you can get it from ((MYPrincipal)request.getPrincipal()).getSubject(). This is what JBoss appears to have done. So if you happen to have authenticated

[jboss-user] [Security & JAAS/JBoss] - Re: auth-method Form and Subject access

2006-07-12 Thread warrenc6
You can't really, as it is discarded in the process, sorry. You get null because in the executing context no subject is set. =) The authentication does not affect the Java systems level security layer. The JAAS login Realm will have authenticated using the tomcat callbackhandler and returned th