Hi All,
I am trying to set security context from a servlet using code below. The purpose of this override it to execute number of calls in some other users context (without specifying password). We use a custom JAAS auth module for authentication purpose. THough below code works, I need to confirm if its correct way for overriding logged in context.
SecurityContext oldContext = SecurityContextAssociation.getSecurityContext(); // Prepare security context with some new user. SecurityContext tmpContext = SecurityContextFactory.createSecurityContext(somePrincipal,null,someSubject,someDomain); SecurityContextAssociation.setSecurityContext(tmpContext); AccessController.doPrivileged(somePriviledgedAction); // Revert the context to original SecurityContextAssociation.setSecurityContext(oldContext);
The environment details are:
JBOSS EAP 6.2.0
Java 1.6.0_65