-
1. Re: Elytron and AuthenticationContext propagation from one thread to another
dmlloyd Mar 1, 2018 8:56 AM (in response to philippn)There are two sides to authentication: the current (server) identity, and the captured (client) authentication context.
As you have correctly discovered, the client authentication context should be captured using AuthenticationContext.getCurrent(). In the new thread, the captured context can be restored by putting your task body inside of an authCtxt.run() block.
The server side identity can be captured and restored in a similar way. First you must acquire your security domain (typically via SecurityDomain#getCurrent()) since each security domain may have different active identities. Then use domain.getCurrentSecurityIdentity() to return the identity itself, which can be restored by using its runAs() methods.
-
2. Re: Elytron and AuthenticationContext propagation from one thread to another
philippn Mar 1, 2018 11:49 AM (in response to dmlloyd)Thank you so much! The server side identity did the trick :-)