2 Replies Latest reply on Mar 30, 2004 10:08 AM by Scott Stark

    Subject.doAs don't work. Please help me!

    Eleas Newbie

      Sometime ago we change main developer server from weblogic to JBOSS and trying to rebuild our security system to JBOSS security approach. But we discover than Subject.doAs don’t work at all. Please, explain how can we execute privileged code?

      Example
      Code in non EJB class:

      ...............
       log.debug("run!1 principal = "+SecurityAssociation.getPrincipal());
       ret = Subject.doAs(getInternalSubject(), new PrivilegedExceptionAction()
       {
       public Object run() throws Exception
       {
       log.debug("run!2 principal = "+SecurityAssociation.getPrincipal());
       return grant.getValue(si);
       }
       });
      ................
      


      where
      public static Subject getInternalSubject()
       {
       log.debug("getInternalSubject");
       if (internalSubject == null)
       {
       try
       {
       LoginContext lc = new LoginContext("XXX-domain", new XXXCallbackHandler("internal", "internal"));
       lc.login();
       internalSubject = lc.getSubject();
       }
       catch (LoginException e)
       {
       throw new SkyNetRuntimeException("Exception during internal logining", e);
       }
       }
       log.debug("internal subject = " + internalSubject);
       return internalSubject;
       }
      

      but we get
      run!1 Principal = phantom
      run!2 Principal = phantom
      


      Also in SecurityAssociation I find very interesting methods: pushRunAsRole popRunAsRole - can you explain in what cases I must/can use these methods?

      Thank you!