2. Re: How to get authenticated user's Subject from EJB
senthilid14 Mar 31, 2006 1:57 AM (in response to senthilid14)
Thanks, but I am not able to get the Subject from the EJB.
It always returns null, but the JSP code returns the Subject perfectly.
See the following code and output.
The following is the session bean's business method:

    public String thanks() {
        try {
            // JACC context key for the container-authenticated Subject
            Subject userSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
            if (userSubject != null)
                return userSubject.toString();
            else
                return "save me";
        } catch (Exception e) {
            throw new EJBException("thanks method got exception", e);
        }
    }
The following is the calling JSP:

    <%@ page import="javax.naming.InitialContext,
                     javax.rmi.PortableRemoteObject,
                     javax.security.auth.Subject,
                     javax.security.jacc.PolicyContext,
                     prototypebeans.permission.*,
                     prototype.QueryPermission" %>
    <%
        InitialContext ctxt = new InitialContext();
        PermissionManagerHome home = (PermissionManagerHome) PortableRemoteObject.narrow(
            ctxt.lookup("java:comp/env/ejb/PermissionManagerEJB"), PermissionManagerHome.class);
        PermissionManager permissionManager = home.create();
        // Subject as seen inside the EJB
        out.println("From EJB, " + permissionManager.thanks());
        // Subject as seen in the web tier
        Subject userSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        out.println("<br>From JSP, subject is " + userSubject);
    %>
The following is the output I got:

    From EJB, save me
    From JSP, subject is Subject: Principal: user1 Principal: Roles(members:admin)
Did anyone obtain the Subject from EJB code?
Please help me.
3. Re: How to get authenticated user's Subject from EJB
nigelwhite Mar 31, 2006 6:37 AM (in response to senthilid14)
I've been through this. http://www.jboss.com/index.html?module=bb&op=viewtopic&t=45724&postdays=0&postorder=asc&start=19
That's the final posting where I have it all working... It was a painful process which a lot of people also seem to have problems with.
It is not well documented, and still, I feel, inconsistent. The way that you MUST have an empty security-domain entry in jboss.xml, and must put the @SecurityDomain("foo") annotation into every EJB. Weird.
4. Re: How to get authenticated user's Subject from EJB
senthilid14 Apr 2, 2006 10:08 AM (in response to senthilid14)
Thanks. So I have to write a custom login module. I am new to JAAS, but I will try it.
Thanks again.
5. Re: How to get authenticated user's Subject from EJB
senthilid14 Apr 4, 2006 11:18 AM (in response to senthilid14)
Hi,
First of all, thanks NigelWhite & Scott Stark.
Yes, we need to specify the <security-domain> element in jboss.xml. Only then will the PolicyContext.getContext method return the Subject; otherwise it will return null.
And it should have the same value as the <security-domain> element in jboss-web.xml.
And if you add the <security-domain> element in jboss.xml, then you must specify a <method-permission> element for your EJBs; otherwise you can't access your EJBs from a servlet or JSP.
(At first I misunderstood: I thought that to get the Subject from an EJB we must use a custom login module. Sorry, that's not correct; the key thing is the <security-domain> element in jboss.xml.)
For those who need sample code:
The following is my session bean's business method:

    public String sayHello() {
        try {
            // JACC context key for the container-authenticated Subject
            Subject mySubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
            return mySubject.toString();
        } catch (Exception e) {
            throw new EJBException("sayHello method failed to get subject", e);
        }
    }
The following is my jboss.xml assembly descriptor part:

    <assembly-descriptor>
        <method-permission>
            <unchecked/>
            <method>
                <ejb-name>HelloEJB</ejb-name>
                <method-name>*</method-name>
            </method>
        </method-permission>
    </assembly-descriptor>
The following is my Hello.jsp code:

    <%@ page import="javax.naming.InitialContext,
                     javax.rmi.PortableRemoteObject,
                     hello.*" %>
    <%
        InitialContext ctxt = new InitialContext();
        HelloHome home = (HelloHome) PortableRemoteObject.narrow(
            ctxt.lookup("java:comp/env/ejb/HelloEJB"), HelloHome.class);
        Hello hello = home.create();
    %>
    <html>
    <head>
    <style type="text/css">
        body { font-family:'Comic Sans MS'; font-size:11pt; }
    </style>
    </head>
    <body>
    <%=hello.sayHello()%>
    </body>
    </html>
And this is the output:

    Subject: Principal: user2 Principal: Roles(members:employee,manager)
Thanks again
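
A deploy-time check for the descriptor conditions described in the post above, as an added example that is not part of the original thread or of JBoss's own tooling. It assumes DTD-style (un-namespaced) descriptors passed in as strings; the function names, the `java:/jaas/example-domain` value and the sample descriptors are constructed for illustration. It also flags `<unchecked/>` entries, since those methods are open to any caller.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; "example-domain" is a placeholder name.
JBOSS_XML = "<jboss><security-domain>java:/jaas/example-domain</security-domain></jboss>"
JBOSS_WEB_XML = ("<jboss-web><security-domain>java:/jaas/example-domain"
                 "</security-domain></jboss-web>")
ASSEMBLY_XML = """<assembly-descriptor>
  <method-permission><unchecked/>
    <method><ejb-name>HelloEJB</ejb-name><method-name>*</method-name></method>
  </method-permission>
</assembly-descriptor>"""

def security_domain(xml_text):
    """Return the top-level <security-domain> value, or None if absent."""
    node = ET.fromstring(xml_text).find("security-domain")
    return node.text.strip() if node is not None and node.text else None

def check_descriptors(jboss_xml, jboss_web_xml, assembly_xml, ejb_names):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    ejb_dom = security_domain(jboss_xml)
    web_dom = security_domain(jboss_web_xml)
    if ejb_dom is None:
        # Per the thread: without this element the EJB-side Subject lookup is null.
        findings.append("jboss.xml: no <security-domain>")
    elif ejb_dom != web_dom:
        # Per the thread: the EJB and web tiers must name the same domain.
        findings.append(f"security-domain mismatch: {ejb_dom!r} vs {web_dom!r}")
    covered, unchecked = set(), set()
    for perm in ET.fromstring(assembly_xml).iter("method-permission"):
        names = {m.findtext("ejb-name", "").strip() for m in perm.findall("method")}
        covered |= names
        if perm.find("unchecked") is not None:
            unchecked |= names
    for name in ejb_names:
        # Per the thread: once a domain is set, an EJB without permissions is unreachable.
        if ejb_dom is not None and name not in covered:
            findings.append(f"{name}: no <method-permission>")
        if name in unchecked:
            findings.append(f"{name}: <unchecked/> applies no role check")
    return findings

if __name__ == "__main__":
    for finding in check_descriptors(JBOSS_XML, JBOSS_WEB_XML, ASSEMBLY_XML, ["HelloEJB"]):
        print(finding)
```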