1 Reply Latest reply on Mar 23, 2004 9:59 AM by starksm64

    How to access Groups from a SessionContext

    aquila125

      Hi there,

      So I created my own little LoginModule, based on the DatabaseServerLoginModule supplied by JBoss. All works fine and the login succeeds and fails when expected.
      In the loginmodule I add several groups of principals to the subject.
      I have a group called Roles, and 2 other groups.
      I use the Roles group to make sure an authenticated user can't see certain webpages.
      Our security system is based on Siebel, where they use Positions and Responsibilities for application data specific security, so I add these groups and fill them accordingly.

      Now, in a bean I can access the context and ask for the CallerPrincipal, doing a getName() on that principal gives me the username. An isUserInRole(roleName) gives me some information about the Roles group.
      But how can I access the other groups I created in the loginmodule? (I need those for some application specific security handling)

        • 1. Re: How to access Groups from a SessionContext
          starksm64

          There is no standard api for accessing this information. You can obtain the Subject of the caller and look to its java.security.acl.Group instance called 'Roles' to find this out.

          ...
           // Check the java:comp/env/security/security-domain
           try
           {
           InitialContext ctx = new InitialContext();
           Subject activeSubject = (Subject) ctx.lookup("java:comp/env/security/subject");
           log.debug("ActiveSubject: "+activeSubject);
           if( activeSubject == null )
           throw new EJBException("No ActiveSubject found");
           // Get the roles from the Group("Roles")
           Set principals = activeSubject.getPrincipals();
          ...
           }
           catch(NamingException e)
           {
           log.debug("failed", e);
           throw new EJBException("Naming exception: "+e.toString(true));
           }