9 Replies Latest reply on May 8, 2013 5:02 AM by bondchan921

    Error when getting Subject

    monkiki
    monkiki Apr 3, 2006 6:05 AM

      Hi, I've a authenticated web application. When I log on it, I should get the authenticated subject usign this code:

      AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);


      But, subject is null.

      I've seen a workaround for this: 

      Context ctx = new InitialContext();
org.jboss.security.SubjectSecurityManager mgr = (org.jboss.security.SubjectSecurityManager)ctx.lookup("java:comp/env/security/securityMgr");
Subject sub = mgr.getActiveSubject();


      but i want to know if it is a bug really or I'm doing an mistake.

      Thanks!

      • 5524 Views
      • Tags:
        • 1. Re: Error when getting Subject
          senthilid14
          senthilid14 Apr 3, 2006 8:26 AM (in response to monkiki)

          Hi,

          We can get subject by using the following code in JSP or Servlet.

          Subject userSubject=(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
 System.out.println("Subject is "+userSubject);


          But getting Subject from EJB is little difficult (I feel). Any way, In your code 
          ctxt.lookup("java:comp/env/security/SecurityMgr"),
          first you are getting SubjectSecurityManager, then you are getting Subject. But I am getting 
          NameNotFoundException for that lookup
          (means I have to say something to Jboss regarding for that lookup in jboss-web.xml or jboss.xml) How to say (or how to configure that lookup), Where you seen that code, Can you give working code,

          Thanks

          Senthil Kumar

            • Actions
          • 2. Re: Error when getting Subject
            monkiki
            monkiki Apr 3, 2006 11:17 AM (in response to monkiki)

            this issue was about using Jackrabbit with JBoss, but that's a rather dirty hack. the details where the subject is obtained from is not the task of the repository.
            I should rather do the following when I do a login:

            Context ctx = new InitialContext();
Subject subject = (Subject)ctx.lookup("java:comp/env/security/subject");
final Repository repository = .... // probably also from jndi

Session s = (Session) Subject.doAs(subject, new PrivilegedAction() {
 public Object run() {
 return repository.login();
 }
});



              • Actions
            • 3. Re: Error when getting Subject
              anil.saldhana
              anil.saldhana Apr 3, 2006 11:21 AM (in response to monkiki)

              If u want to lookup the "Subject" from JNDI, somebody has to bind it there. Who does it? We do not do it in JBoss Codebase.

              Do the PolicyContext way.

                • Actions
              • 4. Re: Error when getting Subject
                llm571
                llm571 Apr 3, 2006 12:18 PM (in response to monkiki)

                I have tried using the PolicyContext in an EJB, but I keep getting a null subject back. If I use the PolicyContext from a JSP/Servlet, I get the correct subject back. I'm not using any custom login module or custom principals. Am I mising something?

                  • Actions
                • 5. Re: Error when getting Subject
                  starksm64
                  starksm64 Apr 3, 2006 12:43 PM (in response to monkiki)

                  The legacy approach for getting the subject is to use jndi, and the ejb and web container do create this binding. Create a jira issue with an example of where the PolicyContext approach does not yield the same result as the jndi lookup.

                    • Actions
                  • 6. Re: Error when getting Subject
                    llm571
                    llm571 Apr 3, 2006 12:50 PM (in response to monkiki)

                    For some reason, the subject is not being bound to the JNDI in the ejb container as well. The subject is bound to the JNDI in the web container however. I have a feeling that I have something configured wrong. Do I need to specify a <security-domain> in the standardjboss.xml? I'm using JBoss 4.0.3SP1 with EJB2 and JDK 1.4.2

                    Thanks.

                      • Actions
                    • 7. Re: Error when getting Subject
                      starksm64
                      starksm64 Apr 3, 2006 1:57 PM (in response to monkiki)

                      security-domain is need in the jboss.xml for ejb2.1. For ejb3 there is an annotation. See the ejb3 docs for @SecurityDomain.

                        • Actions
                      • 8. Re: Error when getting Subject
                        nigelwhite
                        nigelwhite Apr 4, 2006 4:35 AM (in response to monkiki)

                        I've found that you have to have a <security-domain/> (that's empty!) entry in jboss.xml, and use the @SecurityDomain annotation on your EJB3s.

                        That's the only way it actually works!

                          • Actions
                        • 9. Re: Error when getting Subject
                          bondchan921
                          bondchan921 May 8, 2013 5:02 AM (in response to starksm64)

                          Sorry to bring this up,

                           

                           

                          I can get Subject via JNDI in jboss 4.2.3 but return null in jboss 5.1.0, for details please refer to thread: https://community.jboss.org/message/816667#816667

                          I config the SecurityDomain for web application in jboss-web.xml, not for EJB2.1 and EJB3, however works under jboss 4.2.3

                            • Actions