dev@glassfish.java.net

Re: Custom LoginModule / SAM, how to handle Groups?

From: KumarJayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Wed, 19 Sep 2012 15:45:26 +0530

On Sep 19, 2012, at 3:34 PM, Derek Knapp wrote:

> Thanks for the reply! It's good to know I'm on the right path :)
>
> I am curious about how / why Glassfish automatically determines the Principal (the one in request.getUserPrincipal()).
>
> Since a subject is capable of having multiple principals, how does Glassfish determine which one to return?
>
> It seems strange to me that the Principal is automatically set, but the groups are not. I assume this is more of a JSR 196 question than Glassfish-specific?

Glassfish does not set the principal; you need to use the CallerPrincipalCallback to set it. Can you explain what you are observing?




>
>
> Thanks,
>
> Derek
>
>
> On Sep 19, 2012, at 2:59 AM, KumarJayanti <v.b.kumar.jayanti_at_oracle.com> wrote:
>
>>
>> On Sep 19, 2012, at 3:19 PM, Derek Knapp wrote:
>>
>>> I am having a hard time understanding how Groups are set in the LoginModule.
>>>
>>> I have a class that implements the java.security.acl.Group, and I add it to the subject in my LoginModule.. but that doesn't seem to do anything.
>>>
>>> Do I need to do something in my SAM to handle the Group myself? I know if I add the following code to my validateRequest method in my SAM, it works as expected...
>>>
>>>
>>> String[] group = {"users"};
>>> handler.handle(new Callback[] { new GroupPrincipalCallback(clientSubject, group) });
>>>
>>>
>>> So I am starting to think that I need to call the subject.getPrincipals(Group.class) and return a list of the groups in the GroupPrincipalCallback myself.. but I am not sure this is the "right" way to do this...
>>
>> Yes that is the right way. The SAM is responsible for setting the groups into the subject via the GroupPrincipalCallback.
>>
>
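
Added example, not part of the original thread and not GlassFish code: a sketch of the bridging step both replies describe, where the SAM itself names the caller (CallerPrincipalCallback) and the groups (GroupPrincipalCallback) from the Subject a LoginModule populated. The class and method names are hypothetical, and it assumes that each Group principal's name is the group name and that the first non-Group principal is the user.

```java
import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group; // type used in the thread; deprecated in later JDKs
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;

// Hypothetical helper: call it from validateRequest once the LoginModule has succeeded.
public final class LoginSubjectBridge {
    private LoginSubjectBridge() {}

    // loginSubject:  Subject filled in by the LoginModule (LoginContext.getSubject())
    // clientSubject: Subject the container passed to validateRequest
    // handler:       CallbackHandler the container passed to the SAM's initialize
    public static AuthStatus establishCaller(Subject loginSubject, Subject clientSubject,
            CallbackHandler handler) throws AuthException {
        Principal caller = null;
        List<String> groups = new ArrayList<String>();
        for (Principal p : loginSubject.getPrincipals()) {
            if (p instanceof Group) {
                groups.add(p.getName());   // assumption: group principal name == group name
            } else if (caller == null) {
                caller = p;                // assumption: first non-Group principal is the user;
            }                              // a real module should match its own principal class
        }
        if (caller == null) {
            // Fail closed: never report SUCCESS without an explicit caller principal.
            throw new AuthException("LoginModule produced no user principal");
        }
        try {
            // The container copies these into clientSubject in its own representation;
            // adding principals to a Subject directly is not enough for it to see them.
            handler.handle(new Callback[] {
                new CallerPrincipalCallback(clientSubject, caller),
                new GroupPrincipalCallback(clientSubject, groups.toArray(new String[0]))
            });
        } catch (IOException | UnsupportedCallbackException e) {
            AuthException ae = new AuthException("Container did not accept the callbacks");
            ae.initCause(e);
            throw ae;
        }
        return AuthStatus.SUCCESS;
    }
}
```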