JAAS only sets the context inside the PrivilegedAction call.
So after the call it is normal that you cannot get the context anymore.
If you try AccessController.getContext(); inside the run() method it
should work.
The problem is that the way the HttpContext-authenticated works you
cannot call the rest of the code inside the PrivilegedAction. So honestly
I am not sure how to approach this.
Christian
On 25.06.2015 12:50, kuvalda wrote:
Hi, Christian!
I've found a post about this problem here.
http://stackoverflow.com/questions/26592821/configure-authentication-for-servlets-in-osgi
Achim answered here, that the only way to authenticate in Servlets,
registered by OSGi way (whiteboard in our case), is to use specific
HttpContext with Servlet.
I tried to use AuthHttpContext from Pax Web Samples with modified method for
JAAS Login:
    protected boolean authenticated(HttpServletRequest request) {
        request.setAttribute(AUTHENTICATION_TYPE,
                HttpServletRequest.BASIC_AUTH);
        try {
            LoginContext lc = new LoginContext(realm,
                    new BasicAuthCallbackHandler(
                            request.getHeader("Authorization")));
            lc.login();
            Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    return null;
                }
            });
            AccessControlContext acc = AccessController.getContext();
            Subject subject = Subject.getSubject(acc);
            System.out.println(subject == null);
            request.setAttribute(REMOTE_USER, "test");
            return true;
        } catch (LoginException e) {
            return false;
        }
    }
There's a mock PrivilegedAction, doing nothing.
But subject is null again in AccessController.getContext() even after
Subject.doAs().
What can the problem be?
Thanks in advance!
Pavel
cschneider wrote
A JAAS login is not enough. You also need to call subject.doAs(handler);
Inside this call the AccessControlContext will then contain your subject.
For web there should be a better way to establish a JAAS context. Maybe
you can make pax web or jetty check the authentication and
already establish a JAAS context for you. I forwarded to Achim. He might
know if that works.
Christian
-----
Pavel
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
http://www.talend.com
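
The scoping described in this thread, as an added example that is not part of the original messages: the Subject is visible through AccessController.getContext() only while run() executes, and is gone once Subject.doAs() returns. The class DoAsScopeDemo, the UserPrincipal type and the currentUser() helper are hypothetical names, the Subject is built by hand in place of a real LoginContext, and the code assumes a JDK on which Subject.getSubject(AccessControlContext) is still supported (the API used in the thread, deprecated in later JDKs).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class DoAsScopeDemo {

    // Constructed principal standing in for what a LoginModule adds on login().
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Name of the first principal of the Subject bound to the current
    // AccessControlContext, or null when no Subject is bound.
    static String currentUser() {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null || s.getPrincipals().isEmpty()) {
            return null;
        }
        return s.getPrincipals().iterator().next().getName();
    }

    public static void main(String[] args) {
        // Stand-in for lc.getSubject() after a successful lc.login().
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("test"));

        // Inside run() the Subject is bound to the access control context.
        String inside = Subject.doAs(subject, new PrivilegedAction<String>() {
            @Override
            public String run() {
                return currentUser();
            }
        });

        // After doAs() returns, the binding no longer exists.
        String after = currentUser();

        System.out.println("inside run(): " + inside);
        System.out.println("after doAs(): " + after);
    }
}
```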