dev@glassfish.java.net

Re: Custom LoginModule / SAM, how to handle Groups?

From: KumarJayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Wed, 19 Sep 2012 15:29:36 +0530

On Sep 19, 2012, at 3:19 PM, Derek Knapp wrote:

> I am having a hard time understanding how Groups are set in the LoginModule.
>
> I have a class that implements the java.security.acl.Group, and I add it to the subject in my LoginModule.. but that doesn't seem to do anything.
>
> Do I need to do something in my SAM to handle the Group myself? I know if I add the following code to my validateRequest method in my SAM, it works as expected...
>
>
> String[] group = {"users"};
> handler.handle(new Callback[] { new GroupPrincipalCallback(clientSubject, group) });
>
>
> So I am starting to think that I need to call the subject.getPrincipals(Group.class) and return a list of the groups in the GroupPrincipalCallback myself.. but I am not sure this is the "right" way to do this...

Yes, that is the right way. The SAM is responsible for setting the groups into the subject via the GroupPrincipalCallback.
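
The approach confirmed above, as an added example that is not part of the original thread or GlassFish's own code: a helper a SAM could call from validateRequest once the LoginModule has succeeded, copying the Group principals into a GroupPrincipalCallback. The class name `GroupPropagation`, the `loginSubject` and `callerName` parameters, the use of each Group's own name as the group name, and the accompanying CallerPrincipalCallback are assumptions.

```java
import java.io.IOException;
import java.security.acl.Group;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;

/** Hypothetical helper for a SAM; call it from validateRequest after a successful login. */
public final class GroupPropagation {

    private GroupPropagation() {}

    /**
     * @param handler       the CallbackHandler the container passed to ServerAuthModule.initialize
     * @param clientSubject the clientSubject argument of validateRequest
     * @param loginSubject  the Subject the LoginModule populated (assumed already authenticated)
     * @param callerName    the authenticated user name
     */
    public static AuthStatus propagate(CallbackHandler handler, Subject clientSubject,
                                       Subject loginSubject, String callerName)
            throws AuthException {
        // Assumption: each Group principal's own name is the group name.
        Set<String> names = new LinkedHashSet<>();
        for (Group g : loginSubject.getPrincipals(Group.class)) {
            names.add(g.getName());
        }
        Callback[] callbacks = {
            new CallerPrincipalCallback(clientSubject, callerName),
            new GroupPrincipalCallback(clientSubject, names.toArray(new String[0]))
        };
        try {
            handler.handle(callbacks);
        } catch (IOException | UnsupportedCallbackException e) {
            // Fail closed: never report success if the container rejected the callbacks.
            AuthException ae = new AuthException("could not set caller principal and groups");
            ae.initCause(e);
            throw ae;
        }
        return AuthStatus.SUCCESS;
    }
}
```

Group names reach the container only through the handler call, so role checks see exactly the set collected here; an empty set yields an authenticated caller with no groups.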