0 Replies Latest reply on Aug 4, 2014 5:40 AM by Bhushan Rane

    Override the logged in security context from servlet

    Bhushan Rane Newbie

      Hi All,

      I am trying to set the security context from a servlet using the code below. The purpose of this override is to execute a number of calls in some other user's context (without specifying a password). We use a custom JAAS auth module for authentication purposes. Though the code below works, I need to confirm whether it's the correct way to override the logged-in context.

       

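      import java.security.AccessController;
      import org.jboss.security.SecurityContext;
      import org.jboss.security.SecurityContextAssociation;
      import org.jboss.security.SecurityContextFactory;

      SecurityContext oldContext = SecurityContextAssociation.getSecurityContext();
      // Prepare security context with some new user (null credential: no password).
      SecurityContext tmpContext = SecurityContextFactory.createSecurityContext(somePrincipal, null, someSubject, someDomain);

      SecurityContextAssociation.setSecurityContext(tmpContext);
      try {
          AccessController.doPrivileged(somePriviledgedAction);
      } finally {
          // Revert the context to original, even if the action throws, so the
          // pooled request thread does not keep the other user's identity.
          SecurityContextAssociation.setSecurityContext(oldContext);
      }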

      The environment details are:

      JBOSS EAP 6.2.0

      Java 1.6.0_65