2 Replies Latest reply on Jul 9, 2006 3:48 PM by jplessinger

Retrive the authenticated subject within a protected URL

jplessinger Jul 9, 2006 3:09 PM

I need access to the users subject from a servlet. When I access a unprotected URL I can retrive it just fine

example:
SecurityAssociation.getSubject()

and

PolicyContext.getContext("javax.security.auth.Subject.container");

But if I go to a protected URL, (the url-pattern under security-constraints in the web.xml) both of these methods return null.

I have attempted to use the JaasSecurityManagerService through JMX but it seams to take three arguments, realm, principle, and an Object. I have not found any documentation whast this thrid argument is.

1. Re: Retrive the authenticated subject within a protected URL

jplessinger Jul 9, 2006 3:11 PM (in response to jplessinger)

Seams my problem with SecurityAssociation is within a portected URL the SubjectContext is null

2006-07-09 14:57:37,745 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
Actions
2. Re: Retrive the authenticated subject within a protected URL

jplessinger Jul 9, 2006 3:48 PM (in response to jplessinger)

A bit more.

This only happens when the authenticated user does not have the proper role to access the URL.

I did forget to add, I am looking for the subject in a Valve.
Actions

Go to original post