2 Replies Latest reply on Mar 30, 2004 10:08 AM by Scott Stark

    Subject.doAs don't work. Please help me!

    Eleas Newbie

      Sometime ago we change main developer server from weblogic to JBOSS and trying to rebuild our security system to JBOSS security approach. But we discover than Subject.doAs don’t work at all. Please, explain how can we execute privileged code?

      Code in non EJB class:

       log.debug("run!1 principal = "+SecurityAssociation.getPrincipal());
       ret = Subject.doAs(getInternalSubject(), new PrivilegedExceptionAction()
       public Object run() throws Exception
       log.debug("run!2 principal = "+SecurityAssociation.getPrincipal());
       return grant.getValue(si);

      public static Subject getInternalSubject()
       if (internalSubject == null)
       LoginContext lc = new LoginContext("XXX-domain", new XXXCallbackHandler("internal", "internal"));
       internalSubject = lc.getSubject();
       catch (LoginException e)
       throw new SkyNetRuntimeException("Exception during internal logining", e);
       log.debug("internal subject = " + internalSubject);
       return internalSubject;

      but we get
      run!1 Principal = phantom
      run!2 Principal = phantom

      Also in SecurityAssociation I find very interesting methods: pushRunAsRole popRunAsRole - can you explain in what cases I must/can use these methods?

      Thank you!