Hi,

I'm trying to access a session bean on a second JBoss instance. Therefore I do 
a login for the second server using the method 
SecurityAssociation.pushSubjectContext(...). After the call I use 
SecurityAssociation.popSubjectContext() to restore the previous login. But it 
seems that after this call the login is still the principal of the second login!
So I looked up the code for popSubjectContext, which looks like this:

   public static SubjectContext popSubjectContext()
   {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setPrincipalInfoPermission);

      SubjectContext sc = threadSubjectStacks.pop();
      return sc;
   }

In my opinion something is missing here. The current Principal and Credentials 
should be set to the values of the SubjectContext element at the top of the 
stack. Something like this:

   public static SubjectContext popSubjectContext()
   {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
         sm.checkPermission(setPrincipalInfoPermission);

      SubjectContext sc = threadSubjectStacks.pop();
      // Re-sync the current principal/credential with whatever is now on top of
      // the stack; peek() yields null once the stack is empty, so clear them then.
      SubjectContext top = threadSubjectStacks.peek();
      Principal p = (top != null) ? top.getPrincipal() : null;
      Object c = (top != null) ? top.getCredential() : null;
      if (server) {
         threadPrincipal.set(p);
         threadCredential.set(c);
      } else {
         SecurityAssociation.principal = p;
         SecurityAssociation.credential = c;
      }
      return sc;
   }

Is this correct? Or am I doing something really bad here?
As a workaround I am currently doing this in my code, which does the same 
without patching SecurityAssociation:


   // login to second JBoss
   SecurityAssociation.pushSubjectContext(null, new SimplePrincipal(username),
                                          password.toCharArray());
   // do call on second JBoss
   ...
   // now restore the previous login
   // remove second login first
   SecurityAssociation.popSubjectContext();
   // get previous login
   SubjectContext previous = SecurityAssociation.popSubjectContext();
   // re-login with previous principal and credentials
   SecurityAssociation.pushSubjectContext(null, previous.getPrincipal(),
                                          previous.getCredential());

Thanks for any comments on this!

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3932819#3932819

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3932819


_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
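Added illustration, not code from the post or from JBoss: a minimal per-thread stack in the same shape as SecurityAssociation's server-mode fields, contrasting a pop that leaves the current principal stale with one that restores it from the new top of the stack, including the empty-stack case. The class and method names (SubjectStackDemo, popWithoutRestore, popAndRestore) are assumed.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;
// Stand-in for SecurityAssociation's per-thread SubjectContext stack (server mode), reduced to the two operations at issue; names are illustrative.
public class SubjectStackDemo {
    static final class Ctx {
        final Principal principal; final Object credential;
        Ctx(Principal p, Object c) { principal = p; credential = c; }
    }
    static final class Named implements Principal {
        private final String name;
        Named(String n) { name = n; }
        public String getName() { return name; }
    }
    // plays the role of threadSubjectStacks
    private static final ThreadLocal<Deque<Ctx>> stack = ThreadLocal.withInitial(ArrayDeque::new);
    // plays the role of threadPrincipal / threadCredential
    private static final ThreadLocal<Ctx> current = new ThreadLocal<>();
    static void push(Principal p, Object cred) {
        Ctx c = new Ctx(p, cred);
        stack.get().push(c);
        current.set(c);                    // push updates the current identity
    }
    // Behaviour the post reports: the stack shrinks, but "current" still holds the popped (second-server) identity.
    static Ctx popWithoutRestore() {
        return stack.get().pop();
    }
    // Behaviour the post proposes: after popping, re-sync "current" with the new top, clearing it when nothing is left.
    static Ctx popAndRestore() {
        Ctx popped = stack.get().pop();
        current.set(stack.get().peek());   // Deque.peek() is null on an empty stack
        return popped;
    }
    static String currentName() {
        Ctx c = current.get();
        return c == null ? null : c.principal.getName();
    }
    public static void main(String[] args) {
        push(new Named("first-server-user"), "pw1".toCharArray());
        push(new Named("second-server-user"), "pw2".toCharArray());
        popWithoutRestore();
        System.out.println("plain pop, current = " + currentName());
        push(new Named("second-server-user"), "pw2".toCharArray());
        popAndRestore();
        System.out.println("restoring pop, current = " + currentName());
        popAndRestore();
        System.out.println("stack empty, current = " + currentName());
    }
}
```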
