| Summary: | ModeShape session does not have username JAAS API does not return Subject when used within J2EE applications | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise SOA Platform 5 | Reporter: | Van Halbert <vhalbert> |
| Component: | EDS | Assignee: | Van Halbert <vhalbert> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 5.2.0.ER4 | ||
| Target Milestone: | --- | ||
| Target Release: | 5.2.0 GA, 5.2.0.ER5 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/SOA-3408 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-26 19:21:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Link: Added: This issue Cloned from MODE-1270 Workflow: Removed: GIT Pull Request workflow Added: jira Security: Added: Public Bugzilla References: Removed: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Added: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Bugzilla References: Removed: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Added: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Link: Added: This issue Cloned to MODE-1270 Link: Added: This issue Cloned to MODE-1273 Link: Removed: This issue Cloned to MODE-1273 Link: Removed: This issue Cloned to MODE-1270 Link: Added: This issue depends MODE-1270 Whereas MODE-1270 addresses using JAAS within J2EE applications, obtaining the Subject within a J2EE container is difficult and non-standard. MODE-1273 provides yet another alternative for ModeShape to better integrate seamlessly (ha, see what I did there?) in the J2EE world, especially within the JBoss AS/EAP/SOA-P/BRMS ecosystem. Link: Added: This issue depends MODE-1273 Bugzilla References: Removed: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Added: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Release Notes Docs Status: Added: Not Required Writer: Added: dlesage Bugzilla References: Removed: https://bugzilla.redhat.com/show_bug.cgi?id=724795 Added: https://bugzilla.redhat.com/show_bug.cgi?id=724795 These changes were validated during integration testing with Govenor. |
project_key: SOA When using JAAS authentication and not supplying credentials, ModeShape's Repository.login(...) methods result in a session that does not contain the proper user ID. This is because ModeShape uses the following call to obtain the Subject: {code:java} Subject subject = Subject.getSubject(AccessController.getContext()); {code} However, when running within a J2EE container, the resulting 'subject' is null! The fact that the standard Java API to access the Subject from the JAAS LoginContext does *not* work within J2EE and the app server is very troubling, but apparently this is a problem that is well-known in J2EE circles (of which I am clearly not a member). According to Kurt, the Guvnor code obtains the Subject from the Seam context. If this is true (and acceptable), perhaps the easiest way to fix this is to enhance ModeShape to define an additional JCR Credentials class that allows this Subject to be passed into ModeShape. This new Credentials class should then be used in J2EE applications that use ModeShape with JAAS security. I still have not heard back from Anil or Shane as to the "proper" way to grab the Subject. If there's no other way than the Seam context, we may have to add the new Credentials implementation.