5 Replies Latest reply on Apr 4, 2006 11:18 AM by senthil kumar

    How to get authenticated user's Subject from EJB

    senthil kumar Newbie

      Hi,
      In a servlet or JSP, I am able to get the Subject by using the PolicyContext.getContext() method.

      But in an EJB (session bean), if I try the same code, it is returning null. But the getCallerPrincipal() and isUserInRole() methods are working properly.

      Is there a way to get the authenticated user's Subject from an EJB? And one more thing: PolicyContext.getContext() is JBoss specific, will it work in other app servers?

      I have been searching for this for more than one week. Please help.

      Thanks in advance

      Regards
      Senthil Kumar

        • 2. Re: How to get authenticated user's Subject from EJB
          senthil kumar Newbie

          Thanks, but I am not able to get the Subject from the EJB.

          It is always returning null, but the JSP code is returning the Subject perfectly.

          See the following code and output.

          The following is the session bean's business method:

          // Imports the snippet needs
          import javax.ejb.EJBException;
          import javax.security.auth.Subject;
          import javax.security.jacc.PolicyContext;

          public String thanks() {
              try {
                  // JACC lookup of the caller's Subject; in this EJB it comes back null
                  Subject userSubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
                  if (userSubject != null)
                      return userSubject.toString();
                  else
                      return "save me";
              } catch (Exception e) {
                  throw new EJBException("thanks method got exception", e);
              }
          }


          The following is the calling JSP:

          <%@ page import="javax.naming.InitialContext, javax.rmi.PortableRemoteObject, javax.security.auth.Subject, javax.security.jacc.PolicyContext, prototypebeans.permission.*, prototype.QueryPermission" %>
          <%
           InitialContext ctxt=new InitialContext();
           PermissionManagerHome home=(PermissionManagerHome)PortableRemoteObject.narrow(ctxt.lookup("java:comp/env/ejb/PermissionManagerEJB"),PermissionManagerHome.class);
           PermissionManager permissionManager=home.create();
           out.println("From EJB, "+permissionManager.thanks());
           Subject userSubject=(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
           out.println("<br>From JSP, subject is "+userSubject);
          %>



          The following is the output I got:

          From EJB, save me
          From JSP, subject is Subject: Principal: user1 Principal: Roles(members:admin)




          Did anyone obtain the Subject from EJB code?

          Please help me.


          • 3. Re: How to get authenticated user's Subject from EJB
            Nigel White Newbie

            I've been through this. http://www.jboss.com/index.html?module=bb&op=viewtopic&t=45724&postdays=0&postorder=asc&start=19

            That's the final posting where I have it all working... It was a painful process which a lot of people also seem to have probs with.

            It is not well documented and, still, I feel, inconsistent. The way that you MUST have an empty security-domain entry in jboss.xml, and must put the @SecurityDomain("foo") annotation into every EJB. Weird.

            • 4. Re: How to get authenticated user's Subject from EJB
              senthil kumar Newbie

              Thanks. So I have to write a custom login module. I am new to JAAS, but I will try it.

              Thanks again,

              • 5. Re: How to get authenticated user's Subject from EJB
                senthil kumar Newbie

                Hi,

                First of all, thanks NigelWhite & scott stark.

                Yes, we need to specify the <security-domain> element in jboss.xml. Only then will the PolicyContext.getContext method return the Subject; otherwise it returns null.

                And it should have the same value as the <security-domain> element in jboss-web.xml.

                And if you add the <security-domain> element in jboss.xml, then you must specify the <method-permission> element for your EJBs; otherwise you can't access your EJBs from a servlet or JSP.

                (At first I misunderstood: I thought that to get the Subject from an EJB we must use a custom login module. Sorry, that is not correct; the key thing is the <security-domain> element in jboss.xml.)



                For those who need sample code:

                The following is my session bean's business method:

                // Imports the snippet needs
                import javax.ejb.EJBException;
                import javax.security.auth.Subject;
                import javax.security.jacc.PolicyContext;

                public String sayHello() {
                    try {
                        // Returns the caller's Subject once <security-domain> is set in jboss.xml
                        Subject mySubject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
                        return mySubject.toString();
                    } catch (Exception e) {
                        throw new EJBException("sayHello method failed to get subject", e);
                    }
                }



                The following is my jboss.xml assembly descriptor part:

                <assembly-descriptor>
                    <method-permission>
                        <unchecked/>
                        <method>
                            <ejb-name>HelloEJB</ejb-name>
                            <method-name>*</method-name>
                        </method>
                    </method-permission>
                </assembly-descriptor>


                The following is my Hello.jsp code:

                <%@ page import="javax.naming.InitialContext, javax.rmi.PortableRemoteObject, hello.*" %>
                <%
                 InitialContext ctxt=new InitialContext();
                 HelloHome home=(HelloHome)PortableRemoteObject.narrow(ctxt.lookup("java:comp/env/ejb/HelloEJB"),HelloHome.class);
                 Hello hello=home.create();
                %>
                
                
                <html>
                <head>
                <style type="text/css">
                body {
                 font-family:'Comic Sans MS';
                 font-size:11pt;
                }
                </style>
                </head>
                <body>
                <%=hello.sayHello()%>
                </body>
                </html>


                And this is the output:

                Subject: Principal: user2 Principal: Roles(members:employee,manager)



                Thanks again
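Putting the thread's conclusion into a reusable helper, as an added example that is not the poster's code: it does the same JACC lookup, reports a missing security-domain instead of throwing a NullPointerException, falls back to SessionContext.getCallerPrincipal() (which the first post notes works regardless), and pulls role names out of the JBoss "Roles" group principal seen in the output above. The security-domain name java:/jaas/myDomain and the class name CallerInfo are assumptions.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Set;
import java.util.TreeSet;
import javax.ejb.EJBException;
import javax.ejb.SessionContext;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

// Example helper for a session bean (not the poster's code). The Subject is only
// populated when jboss.xml and jboss-web.xml carry the same <security-domain>, e.g.
//   jboss.xml:     <security-domain>java:/jaas/myDomain</security-domain>   (name assumed)
//   jboss-web.xml: <security-domain>java:/jaas/myDomain</security-domain>
public class CallerInfo {
    // Standard JACC key for the caller's Subject, as used in the thread
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";
    // JBoss stores the caller's roles in a Group principal named "Roles" (visible in the output above)
    private static final String ROLES_GROUP = "Roles";

    /** Returns the container Subject, or null when the bean has no security domain. */
    public static Subject callerSubject() {
        try {
            return (Subject) PolicyContext.getContext(SUBJECT_KEY);
        } catch (PolicyContextException e) {
            throw new EJBException("JACC PolicyContext lookup failed", e);
        }
    }

    /** Role names from the Subject's "Roles" group; empty if the Subject or group is absent. */
    public static Set<String> roleNames(Subject subject) {
        Set<String> roles = new TreeSet<String>();
        if (subject == null) return roles;
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group && ROLES_GROUP.equals(p.getName())) {
                Enumeration<? extends Principal> members = ((Group) p).members();
                while (members.hasMoreElements()) roles.add(members.nextElement().getName());
            }
        }
        return roles;
    }

    /** Describes the caller; getCallerPrincipal() works even when the Subject is null. */
    public static String describe(SessionContext ctx) {
        Subject s = callerSubject();
        String caller = ctx.getCallerPrincipal().getName();
        if (s == null) return "caller=" + caller + " (no Subject: is <security-domain> set in jboss.xml?)";
        return "caller=" + caller + " roles=" + roleNames(s);
    }
}
```

Prefer a role-restricted <method-permission> over <unchecked/> with <method-name>*</method-name> once the security domain is in place, since unchecked grants every method to every caller.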