Push/PopSubjectContext
matthiasd Mar 27, 2006 8:03 AM
Hi,
I'm trying to access a session bean on a second JBoss instance. Therefore I do a login for the second server using the method SecurityAssociation.pushSubjectContext(...). After the call I use SecurityAssociation.popSubjectContext() to restore the previous login. But it seems that after this call the login is still the principal of the second login!
So I looked up the code for popSubjectContext, which looks like this:
    public static SubjectContext popSubjectContext() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(setPrincipalInfoPermission);
        SubjectContext sc = threadSubjectStacks.pop();
        return sc;
    }
In my opinion something is missing here. The current Principal and Credentials should be set to the values of the SubjectContext element at the top of the stack. Something like this:
    public static SubjectContext popSubjectContext() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(setPrincipalInfoPermission);
        SubjectContext sc = threadSubjectStacks.pop();
        SubjectContext top = threadSubjectStacks.peek();
        if (server) {
            threadPrincipal.set(top.getPrincipal());
            threadCredential.set(top.getCredential());
        } else {
            SecurityAssociation.principal = top.getPrincipal();
            SecurityAssociation.credential = top.getCredential();
        }
        return sc;
    }
Is this correct? Or am I doing something really bad here?
As a workaround I am currently doing this in my code, which does the same without patching SecurityAssociation:
    // login to second JBoss
    SecurityAssociation.pushSubjectContext(null, new SimplePrincipal(username), password.toCharArray());
    // do call on second JBoss
    ...
    // now restore the previous login
    // remove second login first
    SecurityAssociation.popSubjectContext();
    // get previous login
    SubjectContext previous = SecurityAssociation.popSubjectContext();
    // re-login with previous principal and credentials
    SecurityAssociation.pushSubjectContext(null, previous.getPrincipal(), previous.getCredential());
Thanks for any comments on this!
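The behaviour described in the post, as an added example that is not part of the original post and not JBoss code: a simplified, self-contained model of a per-thread login stack with a separate "current principal" slot, comparing a pop that leaves the slot untouched with one that re-syncs it, plus a try/finally wrapper so the caller's identity is restored even when the remote call throws. All class, method and principal names here are hypothetical, and the credentials are constructed sample values.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified model only: names are hypothetical, not the JBoss API.
public class SubjectStackDemo {
    record Ctx(String principal, char[] credential) {}

    static final ThreadLocal<Deque<Ctx>> STACK = ThreadLocal.withInitial(ArrayDeque::new);
    static final ThreadLocal<String> CURRENT = new ThreadLocal<>();

    static void push(String principal, char[] credential) {
        STACK.get().push(new Ctx(principal, credential));
        CURRENT.set(principal);
    }

    // Models the reported behaviour: the stack shrinks, but the current
    // principal slot still holds the identity that was just popped.
    static Ctx popWithoutRestore() {
        return STACK.get().pop();
    }

    // Models the proposed change: re-sync the current principal with the
    // new top of the stack, or clear it when the stack is empty.
    static Ctx popWithRestore() {
        Deque<Ctx> s = STACK.get();
        Ctx removed = s.pop();
        Ctx top = s.peek(); // null when nothing is left
        CURRENT.set(top == null ? null : top.principal());
        return removed;
    }

    // Runs an action under a temporary identity; the finally block restores
    // the caller's identity even if the action throws.
    static void runAs(String principal, char[] credential, Runnable action) {
        push(principal, credential);
        try { action.run(); } finally { popWithRestore(); }
    }

    public static void main(String[] args) {
        char[] pw = "constructed-pw".toCharArray(); // constructed sample value
        push("alice", pw);
        push("svc-remote", pw);
        popWithoutRestore();
        System.out.println("after plain pop: " + CURRENT.get());
        CURRENT.set("alice"); // reset the model to the caller's identity
        try {
            runAs("svc-remote", pw, () -> { throw new IllegalStateException("remote call failed"); });
        } catch (IllegalStateException e) {
            System.out.println("after failed runAs: " + CURRENT.get());
        }
    }
}
```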