RE: javax.security.auth.subject disappears

Mon, 17 May 2004 03:28:40 -0700 

I resolved this. The problem was in SecurityUtil.java execute method.
fixed code in execute method:
...
if (subject == null){
subject = new Subject();

//I added following two lines
if (principal != null)
  subject.getPrincipals().add(principal);

session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
...


-----Original Message-----
From: Janne Väänänen 
Sent: 17. toukokuuta 2004 12:12
To: [EMAIL PROTECTED]
Subject: javax.security.auth.subject disappears
Filter detected spam


Hi,

I'm running tomcat 5 with -security option and I'm using JAAS login module.
In the jsp pages in first request after I have identified my self Subject is null.
When I hit refresh (second request) Subject is correct subject with principals etc.
But after that in all requests Subject is empty, no principals etc.

I use follwing code to get Subject:
 AccessControlContext acc = AccessController.getContext();
 Subject sub = Subject.getSubject(acc);

I checked tomcat src code that it uses javax.security.auth.subject attribute to store 
Subject in session.
CoyoteRequest.java

    public void setUserPrincipal(Principal principal) {

        if (System.getSecurityManager() != null){
            HttpSession session = getSession(false);
            if ( (subject != null) && 
                 (!subject.getPrincipals().contains(principal)) ){
                subject.getPrincipals().add(principal);         
            } else if (session != null &&
                        session.getAttribute(Globals.SUBJECT_ATTR) == null) {
                subject = new Subject();
                subject.getPrincipals().add(principal);         
            }
            if (session != null){
                session.setAttribute(Globals.SUBJECT_ATTR, subject);
            }
        } 

        this.userPrincipal = principal;
    }

I guess that session.getAttribute(Globals.SUBJECT_ATTR) is somehow null after second 
request..
Any ideas what is causing this and how can I fix it?




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to