JBoss 4.0.1 SP1 and JOSSO
thenomad Apr 29, 2005 2:03 PM
Hey all,
I'm trying desperately to get JOSSO to work with JBoss 4.0.1. In my travels (with a lot of tracing), I've come across what appears to be the big reason it's not working at this juncture. It boils down to a change in JaasSecurityManager between 3.x and 4.x of JBoss in the authenticate method.
You see, right now, when the JOSSO code is calling to get the activeSubject (with this call: Subject activeSubject = securityMgr.getActiveSubject();), the result is coming back null.
When I compare the authenticate methods between 3.x and 4.x in the JaasSecurityManager, 3.x used to make a call to setActivePrincipal that's no longer being called in 4.x.
Here's the 3.x version of the code (the // <===== are my comments):
    private boolean authenticate(Principal principal, Object credential, Subject theSubject)
    {
        Subject subject = null;
        boolean authenticated = false;
        LoginException authException = null;
        try
        {
            // Clear any current subject
            SubjectActions.setActiveSubject(null); // <=====
            // Validate the principal using the login configuration for this domain
            LoginContext lc = defaultLogin(principal, credential);
            subject = lc.getSubject();
            // Set the current subject if login was successful
            if( subject != null )
            {
                // Copy the current subject into theSubject
                if( theSubject != null )
                {
                    SubjectActions.copySubject(subject, theSubject);
                }
                else
                {
                    theSubject = subject;
                }
                authenticated = true;
                // Build the Subject based DomainInfo cache value
                Subject cacheSubject = updateCache(lc, subject, principal, credential);
                // Associate the subject with the thread
                SubjectActions.setActiveSubject(cacheSubject); // <=====
            }
        }
        ...catch code snipped...
Here's the 4.x version:
    private boolean authenticate(Principal principal, Object credential, Subject theSubject)
    {
        Subject subject = null;
        boolean authenticated = false;
        LoginException authException = null;
        try
        {
            // Validate the principal using the login configuration for this domain
            LoginContext lc = defaultLogin(principal, credential);
            subject = lc.getSubject();
            // Set the current subject if login was successful
            if( subject != null )
            {
                // Copy the current subject into theSubject
                if( theSubject != null )
                {
                    SubjectActions.copySubject(subject, theSubject);
                }
                else
                {
                    theSubject = subject;
                }
                authenticated = true;
                // Build the Subject based DomainInfo cache value
                updateCache(lc, subject, principal, credential);
            }
        }
        ...catch code snipped...
As near as I can tell in the code, the setActiveSubject stuff in SubjectActions has been replaced by push/pop actions: pushSubjectContext
But no matter what, shouldn't securityMgr.getActiveSubject() return the active subject - especially if it's just been authenticated?
Thanks for your help!
Marc
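
As an added illustration (not part of the original post, and not JBoss or JOSSO source), this self-contained Java model contrasts an authenticate call that also associates the subject with the calling thread against one that only performs the login, which is the difference the post describes between 3.x and 4.x. All class and method names are hypothetical, and the per-thread stack is an assumed stand-in for the push/pop subject context the post mentions.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import javax.security.auth.Subject;

// Simplified model with hypothetical names; it does not reproduce JBoss internals.
public class ActiveSubjectModel {
    // Per-thread stack of subjects, standing in for a push/pop subject context.
    private static final ThreadLocal<Deque<Subject>> CONTEXT =
            ThreadLocal.withInitial(ArrayDeque::new);

    static void pushSubject(Subject s) { CONTEXT.get().push(s); }
    static void popSubject() { CONTEXT.get().pop(); }
    // Returns null when nothing has been associated with the current thread.
    static Subject getActiveSubject() { return CONTEXT.get().peek(); }

    // Stand-in for the JAAS login step; accepts any non-empty name (assumption).
    static Subject login(String name) {
        if (name == null || name.isEmpty()) return null;
        Subject s = new Subject();
        s.getPrincipals().add(() -> name); // Principal has one abstract method, getName()
        return s;
    }

    // 3.x-style flow: a successful login is also associated with the thread.
    static boolean authenticateAndAssociate(String name) {
        Subject subject = login(name);
        if (subject == null) return false;
        pushSubject(subject);
        return true;
    }

    // 4.x-style flow: the login succeeds but the thread context is left untouched.
    static boolean authenticateOnly(String name) {
        return login(name) != null;
    }

    public static void main(String[] args) {
        boolean ok = authenticateOnly("marc");
        System.out.println("authenticateOnly=" + ok + " active=" + getActiveSubject());

        ok = authenticateAndAssociate("marc");
        try {
            System.out.println("authenticateAndAssociate=" + ok
                    + " principals=" + getActiveSubject().getPrincipals().size());
        } finally {
            popSubject(); // always pop so a pooled thread does not keep the identity
        }
        System.out.println("after pop active=" + getActiveSubject());
    }
}
```

In this model a caller that reads the active subject right after the login-only flow sees null, and the `finally` block shows why the association is scoped: a subject left on a pooled request thread would be visible to the next request served by that thread.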