4 Replies Latest reply on Feb 9, 2005 4:00 PM by starksm64

Problem to add Principal to the Subject

borisn Feb 9, 2005 3:37 PM

Hi,
I am trying to add my own Principal to Subject and extract it on server side on JBoss 3.2.6. For some reason it seems like Subject does not contain it on server. Here is what I am doing:

On client:

UsernamePasswordHandler handler = new UsernamePasswordHandler(id, pass.toCharArray());

Subject subject = new Subject();

Principal principal = new IpPrincipal("someIpAddress");
subject.getPrincipals().add(principal);

LoginContext lc = new LoginContext("client-login", subject, handler);
lc.login();

//after that look up bean and call a method?

I would expect that Subject retrived on server would have IpPrincipal, but apparently it doesn?t.

Here is IpPrincipal class

public class IpPrincipal implements java.security.Principal, Serializable {
private String ip;
public IpPrincipal(String address) {
ip = address;
}

public String getName() {
return ip;
}

public String toString() {
return ip;
}

}

On server side to get Subject I do:

Context environment = (Context)new InitialContext().lookup("java:comp/env");
org.jnp.interfaces.NamingContext secContext = (org.jnp.interfaces.NamingContext)environment.lookup("security");
javax.security.auth.Subject subject = (javax.security.auth.Subject)secContext.lookup("subject");

System.out.println("getPrincipals: " + subject.getPrincipals());

Here is output:
15:07:44,524 INFO [STDOUT]:getPrincipals: [boris, Roles(members:everyone)]

So my IpPrincipal is not propagated to the server.

Any idea what I am missing ?

Thanks
Boris

1. Re: Problem to add Principal to the Subject

starksm64 Feb 9, 2005 3:41 PM (in response to borisn)

The Subject created on the client is not what is propagated. Read the JAAS Howto topic in this forum to understand the security context propagation. If you want this info it would have to be attached using a custom login module on the server side.
Actions
2. Re: Problem to add Principal to the Subject

borisn Feb 9, 2005 3:50 PM (in response to borisn)

Thanks Scott,
But it implies that I have to have client?s IP address on the server, which is what exactly I am trying to achieve by propagating this IpPrincipal. So, it seems like adding a new Principal is not going to work for me. Do you know any other way how I can get client?s IP address on server?

Thanks in advance
Boris
Actions
3. Re: Problem to add Principal to the Subject

tcherel Feb 9, 2005 3:59 PM (in response to borisn)

By adding a callback (like a TextInputCallback) in the client to add the ip address and by having a custom login module on the server to understand this extra callback and add it to the subject, you should be able to achieve what you need.

Thomas
Actions
4. Re: Problem to add Principal to the Subject

starksm64 Feb 9, 2005 4:00 PM (in response to borisn)

The client ip can be passed in using a custom interceptor in the client proxy.
Actions

Go to original post