On Jul 28, 2009, at 4:02 AM, Juergen Weber wrote:
Hi,
I found that if the code between pushNextCaller and popCallers still
runs
with the previous Subject, i.e.
// point A
Callers oldCallers = ContextManager.pushNextCaller(subject);
// point B
System.out.println("getCurrentCaller(): " +
ContextManager.getCurrentCaller());
System.out.println("Subject.getSubject: " +
Subject.getSubject(ContextManager.getCurrentContext()));
ContextManager.popCallers(oldCallers);
the println() outputs at B give the same Subject as at A, the pushed
subject
is not active until the next called ejb. Being used to the doas()
semantics
this is kind of surprising...
Would it be possible to change the behaviour to get the new Subject
immediately active?
This stuff is definitely weird and confusing, but is there to support
run-as semantics. Run-as is not explained very well in any spec I've
seen but after long study I think its supposed to work like this:
Start with identity A
call component C1 which is configured with run-as identity B
when you call C1 or ask isUserInRole() in C1 or getUserPrincipal/
getCallerPrincipal in C1, the answer is derived from A
If, in C1, you call a further component C2, the permissions for the
operation you want to do, isUserInRole, getUser/CallerPrincipal in C2
are all determined from the run-as identity B.
So, ContextManager.push sets up the run-as identity the next component
to be called will use.
So unless you can convince me my understanding of run-as identities is
wrong we aren't going to change how the push/pop stuff works. It
really isn't intended for use by applications.
On the other hand, if you want to immediately execute under another
identity you can set both the subjects the context manager tracks
using setCallers. Be sure to restore the previous state when you are
done.
thanks
david jencks
Thanks,
Juergen
Juergen Weber wrote:
djencks wrote:
Geronimo uses the AccessControlContext for the Subject to evaluate
security decisions. So, you need to get Geronimo to compute and
store
this ACC for you.
[..]
Well, the methodname pushNextCaller suggests that it would do that.
Anyway, with the code below it works now.
This code should be in Geronimo itself, I created GERONIMO-4765.
Thanks,
Jürgen
SimpleCallbackHandler handler = new SimpleCallbackHandler(
user, password.toCharArray());
LoginContext lc = new LoginContext("geronimo-admin", handler);
lc.login();
Subject subject = lc.getSubject();
System.out.println("lc.getSubject: " + subject);
ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try
{
s1 = secured3Bean.secureMethod(input);
}
finally
{
ContextManager.popCallers(oldCallers);
}
--
View this message in context:
http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24697077.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
