5 Replies Latest reply on Apr 4, 2006 11:18 AM by senthilid14

    How to get authenticated user's Subject from EJB

    senthilid14

      Hi,
      In a servlet or JSP, I am able to get the Subject by using the PolicyContext.getContext() method.

      But in an EJB (session bean), if I try the same code, it returns null. The getCallerPrincipal() and isUserInRole() methods, however, work properly.

      Is there a way to get the authenticated user's Subject from an EJB? And one more thing: PolicyContext.getContext() is JBoss specific; will it work in other app servers?

      I have been searching for this for more than a week. Please help.

      Thanks in advance.

      Regards,
      Senthil Kumar

        • 1. Re: How to get authenticated user's Subject from EJB
          starksm64
          • 2. Re: How to get authenticated user's Subject from EJB
            senthilid14

            Thanks, but I am not able to get the Subject from the EJB.

            It always returns null, but the JSP code returns the Subject perfectly.

            See the following code and output.

            The following is the session bean's business method:

            import javax.ejb.EJBException;
            import javax.security.auth.Subject;
            import javax.security.jacc.PolicyContext;

            // Session bean business method: look up the caller's Subject through the JACC handler key.
            public String thanks() {
                try {
                    Subject userSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
                    if (userSubject != null)
                        return userSubject.toString();
                    else
                        return "save me"; // reached when the container has not provided a Subject
                } catch (Exception e) {
                    throw new EJBException("thanks method got exception", e);
                }
            }


            The following is the calling JSP:

            <%@ page import="javax.naming.InitialContext, javax.rmi.PortableRemoteObject, javax.security.auth.Subject, javax.security.jacc.PolicyContext, prototypebeans.permission.*, prototype.QueryPermission" %>
            <%
             InitialContext ctxt=new InitialContext();
             PermissionManagerHome home=(PermissionManagerHome)PortableRemoteObject.narrow(ctxt.lookup("java:comp/env/ejb/PermissionManagerEJB"),PermissionManagerHome.class);
             PermissionManager permissionManager=home.create();
             out.println("From EJB, "+permissionManager.thanks());
             Subject userSubject=(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
             out.println("<br>From JSP, subject is "+userSubject);
            %>



            The following is the output I got:

            From EJB, save me
            From JSP, subject is Subject: Principal: user1 Principal: Roles(members:admin)

            Did anyone obtain the Subject from EJB code?

            Please help me.


            • 3. Re: How to get authenticated user's Subject from EJB
              nigelwhite

              I've been through this. http://www.jboss.com/index.html?module=bb&op=viewtopic&t=45724&postdays=0&postorder=asc&start=19

              That's the final posting where I have it all working... It was a painful process which a lot of people also seem to have problems with.

              It is not well documented, and, I still feel, inconsistent. The way that you MUST have an empty security-domain entry in jboss.xml, and must put the @SecurityDomain("foo") annotation into every EJB. Weird.

              • 4. Re: How to get authenticated user's Subject from EJB
                senthilid14

                Thanks. So I have to write a custom login module; I am new to JAAS, but I will try it.

                Thanks again.

                • 5. Re: How to get authenticated user's Subject from EJB
                  senthilid14

                  Hi,

                  First of all, thanks NigelWhite & Scott Stark.

                  Yes, we need to specify the <security-domain> element in jboss.xml. Only then will the PolicyContext.getContext method return the Subject; otherwise it will return null.

                  And it should have the same value as the <security-domain> element in jboss-web.xml.

                  And if you add the <security-domain> element in jboss.xml, then you must specify the <method-permission> element for your EJBs; otherwise you can't access your EJBs from a servlet or JSP.

                  (At first I understood it wrongly: I thought that to get the Subject from an EJB we must use a custom login module. Sorry, that's not correct; the key thing is the <security-domain> element in jboss.xml.)



                  For those who need sample code:

                  The following is my session bean's business method:

                  import javax.ejb.EJBException;
                  import javax.security.auth.Subject;
                  import javax.security.jacc.PolicyContext;

                  // Session bean business method: with <security-domain> configured in jboss.xml the
                  // JACC handler returns the caller's Subject. If it is not configured, getContext()
                  // returns null and the NullPointerException below is wrapped in the EJBException.
                  public String sayHello() {
                      try {
                          Subject mySubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
                          return mySubject.toString();
                      } catch (Exception e) {
                          throw new EJBException("sayHello method failed to get subject", e);
                      }
                  }



                  The following is the assembly-descriptor part of my jboss.xml:

                  <assembly-descriptor>
                      <method-permission>
                          <unchecked/>
                          <method>
                              <ejb-name>HelloEJB</ejb-name>
                              <method-name>*</method-name>
                          </method>
                      </method-permission>
                  </assembly-descriptor>


                  The following is my Hello.jsp code:

                  <%@ page import="javax.naming.InitialContext, javax.rmi.PortableRemoteObject, hello.*" %>
                  <%
                   InitialContext ctxt=new InitialContext();
                   HelloHome home=(HelloHome)PortableRemoteObject.narrow(ctxt.lookup("java:comp/env/ejb/HelloEJB"),HelloHome.class);
                   Hello hello=home.create();
                  %>
                  
                  
                  <html>
                  <head>
                  <style type="text/css">
                  body {
                   font-family:'Comic Sans MS';
                   font-size:11pt;
                  }
                  </style>
                  </head>
                  <body>
                  <%=hello.sayHello()%>
                  </body>
                  </html>


                  And this is the output:

                  Subject: Principal: user2 Principal: Roles(members:employee,manager)



                  Thanks again.
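The thread's conclusion, pulled together into one bean as an added example (this is not code from any poster, nor JBoss project code). It reads the caller's Subject through the handler key that the JACC 1.0 specification defines, "javax.security.auth.Subject.container", but treats a null result as "not available" rather than failing on toString(), takes the caller identity from getCallerPrincipal() (which works in an EJB even when the Subject does not, as the first post observed), and extracts role names from the group principal named "Roles" that appears in both outputs above. Assumptions: the package name hello and the bean class HelloBean match the JSP import in the last post; the "Roles" group name and its java.security.acl.Group representation are the JBoss 4-era convention inferred from the printed Subject; and the bean's jboss.xml <security-domain> matches the one in jboss-web.xml, otherwise the null branch is taken. The isCallerInRole() cross-check uses role names read at runtime; EJB 2.x expects every role name passed to isCallerInRole() to be declared as a security-role-ref in ejb-jar.xml, so declare them for the roles your application actually uses.

```java
package hello;  // assumed package, matching the JSP import in the thread

import java.security.Principal;
import java.security.acl.Group;          // JBoss 4-era representation of the "Roles" group
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/**
 * Stateless session bean that reads the caller's Subject through JACC and
 * cross-checks it against the EJB context. The Subject is only populated when
 * the bean has a <security-domain> in jboss.xml, as the thread found.
 */
public class HelloBean implements SessionBean {

    /** Handler key defined by the JACC 1.0 specification for the caller's Subject. */
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    /** Group principal JBoss uses to carry role names (assumption based on the thread's output). */
    private static final String ROLES_GROUP = "Roles";

    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }

    /**
     * The caller's Subject, or null when the container has not populated the JACC
     * handler for this invocation. Null means "not available", never "anonymous".
     */
    public Subject callerSubject() {
        try {
            return (Subject) PolicyContext.getContext(SUBJECT_KEY);
        } catch (PolicyContextException e) {
            // A handler failure is a container problem, so surface it as a system exception.
            throw new EJBException("JACC Subject lookup failed", e);
        }
    }

    /** Role names carried in the Subject's "Roles" group; empty if the group is absent. */
    public static List<String> rolesFrom(Subject subject) {
        List<String> roles = new ArrayList<String>();
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group && ROLES_GROUP.equals(p.getName())) {
                Enumeration<? extends Principal> members = ((Group) p).members();
                while (members.hasMoreElements()) {
                    roles.add(members.nextElement().getName());
                }
            }
        }
        return roles;
    }

    /** Business method: identity from the EJB context, roles from the Subject when it is there. */
    public String sayHello() {
        // getCallerPrincipal() is the authoritative identity; it works even when the Subject is null.
        Principal caller = ctx.getCallerPrincipal();
        Subject subject = callerSubject();
        if (subject == null) {
            return "caller=" + caller.getName()
                 + " (no JACC Subject: is <security-domain> set in jboss.xml?)";
        }
        StringBuilder sb = new StringBuilder("caller=").append(caller.getName()).append(" roles=");
        for (String role : rolesFrom(subject)) {
            // Cross-check: every role in the Subject should also satisfy the container's role check.
            sb.append(role).append(ctx.isCallerInRole(role) ? " " : "(not an EJB role!) ");
        }
        return sb.toString().trim();
    }
}
```

Deployed with the descriptor from the last post, a call from Hello.jsp by user2 would produce a line such as "caller=user2 roles=employee manager"; with the <security-domain> element missing from jboss.xml the same call returns the "no JACC Subject" message instead of throwing, which makes the misconfiguration visible without relying on the EJBException's stack trace.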