9 Replies Latest reply on May 8, 2013 5:02 AM by bondchan921

    Error when getting Subject

    monkiki

      Hi, I have an authenticated web application. When I log on to it, I should get the authenticated subject using this code:

      AccessControlContext acc = AccessController.getContext();
      Subject subject = Subject.getSubject(acc);


      But, subject is null.

      I've seen a workaround for this:

      Context ctx = new InitialContext();
      org.jboss.security.SubjectSecurityManager mgr = (org.jboss.security.SubjectSecurityManager)ctx.lookup("java:comp/env/security/securityMgr");
      Subject sub = mgr.getActiveSubject();


      But I want to know if it is really a bug or if I'm making a mistake.

      Thanks!

        • 1. Re: Error when getting Subject
          senthilid14

          Hi,

          We can get subject by using the following code in JSP or Servlet.

          Subject userSubject=(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
           System.out.println("Subject is "+userSubject);


          But getting the Subject from an EJB is a little difficult (I feel). Anyway, in your code
          ctxt.lookup("java:comp/env/security/SecurityMgr"),
          first you are getting the SubjectSecurityManager, then you are getting the Subject. But I am getting a
          NameNotFoundException for that lookup
          (meaning I have to tell JBoss something about that lookup in jboss-web.xml or jboss.xml). How do I say that (or how do I configure that lookup)? Where did you see that code? Can you give working code?

          Thanks

          Senthil Kumar

          • 2. Re: Error when getting Subject
            monkiki

            This issue was about using Jackrabbit with JBoss, but that's a rather dirty hack. The details of where the subject is obtained from are not the task of the repository.
            I should rather do the following when I do a login:

            Context ctx = new InitialContext();
            Subject subject = (Subject)ctx.lookup("java:comp/env/security/subject");
            final Repository repository = .... // probably also from jndi
            
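            // login() throws checked exceptions, so use PrivilegedExceptionAction;
            // doAs then throws PrivilegedActionException wrapping the cause.
            Session s = (Session) Subject.doAs(subject, new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    return repository.login();
                }
            });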
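
Why the call in the first post can return null, shown as an added example that is not part of the original thread: `Subject.getSubject` only finds a Subject that `Subject.doAs` (used in the reply above) attached to the access control context. `SubjectContextDemo`, `currentSubject`, `requireSubject` and the `CN=demo-user` principal are constructed for illustration, and the code assumes Java 8 to 17, where these APIs are still supported.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectContextDemo {

    // Same call as in the first post: reads the Subject tied to the
    // current access control context, or null if there is none.
    static Subject currentSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    // Fail closed: callers that make authorization decisions should never
    // treat a missing Subject as an anonymous but allowed user.
    static Subject requireSubject() {
        Subject s = currentSubject();
        if (s == null) {
            throw new SecurityException("no Subject bound to the calling context");
        }
        return s;
    }

    public static void main(String[] args) {
        // Constructed sample Subject; a container builds this in its login modules.
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new X500Principal("CN=demo-user"));
        authenticated.setReadOnly();

        // 1. Nothing has attached a Subject to this thread's context yet.
        System.out.println("outside doAs: " + currentSubject());

        // 2. doAs installs the Subject for the duration of the action only.
        Subject seen = Subject.doAs(authenticated,
                (PrivilegedAction<Subject>) SubjectContextDemo::requireSubject);
        System.out.println("inside doAs:  " + seen.getPrincipals());

        // 3. Once doAs returns, the association is gone again.
        try {
            requireSubject();
        } catch (SecurityException e) {
            System.out.println("after doAs:   " + e.getMessage());
        }
    }
}
```

Whether a container wraps request or EJB invocations in `doAs` is container-specific, which is why the replies point to a container-provided lookup instead.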



            • 3. Re: Error when getting Subject
              anil.saldhana

              If you want to look up the "Subject" from JNDI, somebody has to bind it there. Who does it? We do not do it in JBoss Codebase.

              Do the PolicyContext way.

              • 4. Re: Error when getting Subject
                llm571

                I have tried using the PolicyContext in an EJB, but I keep getting a null subject back. If I use the PolicyContext from a JSP/Servlet, I get the correct subject back. I'm not using any custom login module or custom principals. Am I missing something?

                • 5. Re: Error when getting Subject
                  starksm64

                  The legacy approach for getting the subject is to use jndi, and the ejb and web container do create this binding. Create a jira issue with an example of where the PolicyContext approach does not yield the same result as the jndi lookup.

                  • 6. Re: Error when getting Subject
                    llm571

                    For some reason, the subject is not being bound to the JNDI in the ejb container as well. The subject is bound to the JNDI in the web container however. I have a feeling that I have something configured wrong. Do I need to specify a <security-domain> in the standardjboss.xml? I'm using JBoss 4.0.3SP1 with EJB2 and JDK 1.4.2

                    Thanks.

                    • 7. Re: Error when getting Subject
                      starksm64

                      security-domain is needed in the jboss.xml for ejb2.1. For ejb3 there is an annotation. See the ejb3 docs for @SecurityDomain.

                      • 8. Re: Error when getting Subject
                        nigelwhite

                        I've found that you have to have a <security-domain/> (that's empty!) entry in jboss.xml, and use the @SecurityDomain annotation on your EJB3s.

                        That's the only way it actually works!

                        • 9. Re: Error when getting Subject
                          bondchan921

                          Sorry to bring this up,

                          I can get the Subject via JNDI in JBoss 4.2.3, but it returns null in JBoss 5.1.0. For details please refer to this thread: https://community.jboss.org/message/816667#816667

                          I configured the SecurityDomain for the web application in jboss-web.xml, not for EJB2.1 and EJB3; however, it works under JBoss 4.2.3.