users@glassfish.java.net

Re: ProgrammaticLogin - get Subject on client side - how?

From: <glassfish_at_javadesktop.org>
Date: Tue, 22 Jul 2008 11:17:06 PDT

Unfortunately ProgrammaticLogin doesn't seem to have methods to allow it.

You can try enabling security manager and then do Subject.getSubject(AccessController.getContext()). Without security manager you normally get null Subject from that call. But then you will need to assign ProgrammaticLoginPermission as mentioned in http://doc.ddart.net/java/j2ee/docs/api/com/sun/appserv/security/ProgrammaticLogin.html into a policy file (supply your own policy file).

Using LoginContext from JAAS directly won't work, because you need to know the application name which maps to some login module. But glassfish comes with only server side login modules.

For example in JBoss you have org.jboss.security.ClientLoginModule (client side login module), which doesn't do any real login, just creates internal security context which is then used on server side to authenticate EJB invocation - so with LoginContext it basically can perform the same task as ProgrammaticLogin, but you can get the Subject too.

You can also download sourcode of ProgrammaticLogin and have a look what it does.
[Message sent by forum member 'jarol1' (jarol1)]

http://forums.java.net/jive/thread.jspa?messageID=288494