JBoss Enterprise SOA Platform / SOA-3408

ModeShape session does not have username JAAS API does not return Subject when used within J2EE applications

    Details

      Description

      When using JAAS authentication and not supplying credentials, ModeShape's Repository.login(...) methods result in a session that does not contain the proper user ID. This is because ModeShape uses the following call to obtain the Subject:

      Subject subject = Subject.getSubject(AccessController.getContext());
      

      However, when running within a J2EE container, the resulting 'subject' is null!

      The fact that the standard Java API to access the Subject from the JAAS LoginContext does not work within J2EE and the app server is very troubling, but apparently this is a problem that is well-known in J2EE circles (of which I am clearly not a member).

      According to Kurt, the Guvnor code obtains the Subject from the Seam context. If this is true (and acceptable), perhaps the easiest way to fix this is to enhance ModeShape to define an additional JCR Credentials class that allows this Subject to be passed into ModeShape. This new Credentials class should then be used in J2EE applications that use ModeShape with JAAS security.

      I still have not heard back from Anil or Shane as to the "proper" way to grab the Subject. If there's no other way than the Seam context, we may have to add the new Credentials implementation.
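The lookup quoted in the description only finds a Subject that was bound to the current AccessControlContext through Subject.doAs(...). The following is an added example, not ModeShape code and not part of the original report: it shows that behaviour next to a credentials object that carries the Subject explicitly. `SubjectLookupDemo`, `SubjectCredentials` and `resolveUserId` are hypothetical names, the principal is constructed sample data, and a JDK that still supports `Subject.getSubject(AccessControlContext)` is assumed.

```java
import java.io.Serializable;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

@SuppressWarnings("removal") // Subject.getSubject/doAs are deprecated on recent JDKs
public class SubjectLookupDemo {

    // Hypothetical holder for an already-authenticated Subject. In a JCR
    // application it would additionally implement javax.jcr.Credentials.
    static final class SubjectCredentials implements Serializable {
        private final Subject subject;

        SubjectCredentials(Subject subject) {
            if (subject == null) throw new IllegalArgumentException("subject is required");
            this.subject = subject;
        }

        Subject getSubject() { return subject; }
    }

    // The call from the issue description: returns null unless the current
    // thread is executing inside Subject.doAs(...) / doAsPrivileged(...).
    static Subject fromAccessControlContext() {
        return Subject.getSubject(AccessController.getContext());
    }

    // Hypothetical login-side resolution: prefer a Subject handed in
    // explicitly, fall back to the AccessControlContext lookup.
    static String resolveUserId(SubjectCredentials credentials) {
        Subject s = credentials != null ? credentials.getSubject() : fromAccessControlContext();
        if (s == null) return null; // the reported symptom: session without a user ID
        for (Principal p : s.getPrincipals()) return p.getName();
        return null; // authenticated Subject that carries no principals
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        Principal user = () -> "jsmith"; // constructed sample principal
        subject.getPrincipals().add(user);

        System.out.println("no credentials, outside doAs: " + resolveUserId(null));
        String inside = Subject.doAs(subject, (PrivilegedAction<String>) () -> resolveUserId(null));
        System.out.println("no credentials, inside doAs:  " + inside);
        System.out.println("explicit SubjectCredentials:  "
                + resolveUserId(new SubjectCredentials(subject)));
    }
}
```

A repository that accepts such a credentials object trusts whatever Subject the caller supplies, so it should only be constructed by code that obtained the Subject from the container's own authentication.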

                People

                • Assignee:
                  van.halbert Van Halbert
                  Reporter:
                  van.halbert Van Halbert
                  Writer:
                  David Le Sage