In case someone interested - please find attached my JACC
implementation.
-
Aleksandras Novikovas
On Fri, 2009-01-30 at 17:54 +0200, Aleksandras Novikovas wrote:
> Hi,
>
> Try put this code into your session bean:
>
>
> // Acquire Subject from current context
> Subject subject = Subject.getSubject (AccessController.getContext ());
> // Execute code on subject behalf
> Subject.doAsPrivileged (subject, new PrivilegedAction<String> () {
> public String run () {
> SecurityManager sm = System.getSecurityManager ();
> // Here you can check if user has permission to execute specified code
> // if (sm != null) sm.checkPermission (MY_PERMISSION);
> // Here you can do your security sensitive operations
> String user = getCurrentUserName ();
> return user;
> }
> }, null);
>
>
> Regarding JAAS - there is implementation of JAAS in GF.
> If you consider using JAAS in your client code - it is not appropriate
> list to discuss.
>
> First of all google for standard SUN tutorial on JAAS then write me
> (an_at_systemtier.com) and i will send my code.
>
> -
> Aleksandras Novikovas
>
>
>
>
> On Wed, 2009-01-28 at 13:16 -0800, glassfish_at_javadesktop.org wrote:
> > What I am trying to accomplish is to have a stand alone client log into the server, look up a session bean, and then inside the session bean get the username. I placed your code inside my bean. I compiled and redeployed. In my client, I successfully look up the bean and called your method.
> >
> > After activating Security Manager, I received an access denied (javax.security.auth.AuthPermission getSubject) exception. So, I added
> >
> > grant {
> > permission javax.security.auth.AuthPermission "getSubject";
> > };
> >
> > to my server policy, restarted the server and tried again. This time the getSubject call returned a subject. The following call to GetPrivateCredentials() returned a 0-length Set.
> >
> > I have never attempted to use JAAS and have no idea how to proceed. Can you point me to a good resource? If you have some sample code that implements what I am trying to do, would you please email it to me: janchj_at_gmail.com
> >
> > Thanks for all your help!
> > [Message sent by forum member 'janchj' (janchj)]
> >
> > http://forums.java.net/jive/thread.jspa?messageID=328781
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> > For additional commands, e-mail: users-help_at_glassfish.dev.java.net
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
# Holds JDBC resource name to access security database.
JDBC_RESOURCE_NAME=jdbc/authPool
# Query used to test BasicPermission for the user.
PERMISSION_TEST_QUERY=select exists (select 1 from sec.active_user_list au join sec.group_user gu on gu.user_name = au.user_name join sec.group_permission gp on gu.group_name = gp.group_name where au.user_name = ? and gp.permission_name = ?)