I am trying to get the context's Principal from the AccessControlContext as
documented on stackexchange
<http://stackoverflow.com/questions/20970380/get-current-user-in-an-osgi-context-fuse-karaf>.

Unfortunately whenever I retrieve the subject using the current
AccessControlContext, the subject is null.

I basically create a very simple jaxrs server and register the CXF
JAASAuthenticationFilter with the server:

<bean id="authenticationFilter"
      class="org.apache.cxf.jaxrs.security.JAASAuthenticationFilter">
    <property name="contextName" value="karaf" />
</bean>

<jaxrs:server id="echoResource" address="/rest/echo">
    <jaxrs:serviceBeans>
        <bean class="org.apache.karaf.jaas.modules.mongo.test.EchoServiceImpl" />
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <ref component-id="authenticationFilter" />
    </jaxrs:providers>
</jaxrs:server>

When I execute the REST service, I try to get the Subject in the code as
below but it is always null:

AccessControlContext acc = AccessController.getContext();
if (acc == null) {
  throw new RuntimeException("access control context is null");
}
Subject subject = Subject.getSubject(acc);
if (subject == null) {
  throw new RuntimeException("subject is null");
}

Interestingly, if I inject the javax.ws.rs.core.SecurityContext into the CXF
REST service, I do get a security principal.

public Response echo(@Context SecurityContext context) {
   Principal user = context.getUserPrincipal();
}

Is there another configuration required in Karaf or is this a bug in either
Karaf or CXF? Would love to hear if anyone else came across this.

Cheers, Niels

BTW: I tried the same in Karaf 2.3.9, 2.4.1 and 3.0.2 with the exact same
result.
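
The lookup in the post depends on standard JDK behaviour: Subject.getSubject(acc) only returns a Subject when the calling code runs inside Subject.doAs (or doAsPrivileged). The following is an added example, not code from the original post and not Karaf or CXF code; it assumes a Java 8 to 17 runtime (these APIs are deprecated in later JDKs), and DemoPrincipal, currentUserNames and "constructed-user" are hypothetical names made up for the demonstration.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;

public class SubjectLookupDemo {

    // Hypothetical principal standing in for what a JAAS login module would add.
    static final class DemoPrincipal implements Principal {
        private final String name;
        DemoPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Same lookup as in the post, but returns the principal names,
    // or null when no Subject is bound to the current AccessControlContext.
    static List<String> currentUserNames() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return null;
        }
        List<String> names = new ArrayList<>();
        for (Principal p : subject.getPrincipals()) {
            names.add(p.getName());
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed Subject, as if a JAAS login had already succeeded.
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new DemoPrincipal("constructed-user"));

        // Holding an authenticated Subject is not enough: nothing has bound
        // it to the access control context of this thread yet.
        System.out.println("outside doAs: " + currentUserNames());

        // Subject.doAs binds the Subject for the duration of the action.
        // The cast picks the PrivilegedAction overload of doAs.
        List<String> inside = Subject.doAs(authenticated,
                (PrivilegedAction<List<String>>) SubjectLookupDemo::currentUserNames);
        System.out.println("inside doAs:  " + inside);
    }
}
```

On such a runtime the first line prints null and the second prints [constructed-user].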
