2 Replies Latest reply on Mar 30, 2004 10:08 AM by starksm64

Subject.doAs don't work. Please help me!

phantom Mar 29, 2004 4:27 AM

Sometime ago we change main developer server from weblogic to JBOSS and trying to rebuild our security system to JBOSS security approach. But we discover than Subject.doAs donÃƒÂ‚Ã‚Â’t work at all. Please, explain how can we execute privileged code?

Example
Code in non EJB class:

...............
 log.debug("run!1 principal = "+SecurityAssociation.getPrincipal());
 ret = Subject.doAs(getInternalSubject(), new PrivilegedExceptionAction()
 {
 public Object run() throws Exception
 {
 log.debug("run!2 principal = "+SecurityAssociation.getPrincipal());
 return grant.getValue(si);
 }
 });
................

where

public static Subject getInternalSubject()
 {
 log.debug("getInternalSubject");
 if (internalSubject == null)
 {
 try
 {
 LoginContext lc = new LoginContext("XXX-domain", new XXXCallbackHandler("internal", "internal"));
 lc.login();
 internalSubject = lc.getSubject();
 }
 catch (LoginException e)
 {
 throw new SkyNetRuntimeException("Exception during internal logining", e);
 }
 }
 log.debug("internal subject = " + internalSubject);
 return internalSubject;
 }

but we get

run!1 Principal = phantom
run!2 Principal = phantom

Also in SecurityAssociation I find very interesting methods: pushRunAsRole popRunAsRole - can you explain in what cases I must/can use these methods?

Thank you!

1. Re: Subject.doAs don't work. Please help me!

sysuser1 Mar 30, 2004 7:59 AM (in response to phantom)

I've the same problem with doAs.

I spent several days on searching this bug, and I'm sure, that it's a very serious bug, that needs to be fixed.

I really need this functionality and I hope, this will work soon
Actions
2. Re: Subject.doAs don't work. Please help me!

starksm64 Mar 30, 2004 10:08 AM (in response to phantom)

JBoss does not use the JAAS Subject.doAs authorization mechanism. Read the JAAS howto at the start of the forum for the use of JAAS.
Actions

Go to original post