users@glassfish.java.net

Enabling Subject, Principal on web server available thru AccessController

From: <glassfish_at_javadesktop.org>
Date: Wed, 25 Feb 2009 05:32:41 PST

I have searched this forum as well as the internet. I have found pieces of information
that answer some of my questions but do not paint the full picture. Please point me in
the proper direction whether it is a book, white paper, blog or an answer here.

Issue:
I have a glassfish web server that utilizes the standard LDAP realm. After a user has
been authenticated, how are the Subject and Principal established? Does the
web server do the work or is some programming required? This point is not clear to me.

After authentication, the user initiates some unit of work. Upon initiation, a jar on the
server is called from a managed JSF bean. This jar contains service and domain layers, all
POJOs, persisted with Hibernate. Within the domain layer, which does not know of the web
session etc., I need to do the following authorization for validation and security
measures:

import java.security.AccessController;
import java.util.Iterator;
import javax.security.auth.Subject;

// Subject bound to the current AccessControlContext (null unless the call runs
// inside Subject.doAs / doAsPrivileged)
final Subject subject = Subject.getSubject(AccessController.getContext());
// getPrincipals(Class) takes the principal type, not the type name
final Iterator<MyPrincipal> principals = subject.getPrincipals(MyPrincipal.class).iterator();
...

final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
    try {
        sm.checkPermission(new SpecialPermission(value));
        ...
    }
    catch (SecurityException e) {
        ...
    }
}

Any way I try it, the subject is always null as well as security manager. (I can't start
glassfish 2 with security manager enabled on XP. Another issue.)
Another forum entry asked part of the same question, but I could not gather enough
information to get the above to work.

Thanks!
[Message sent by forum member 'dpandrews' (dpandrews)]
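As an added, constructed example (not the poster's code and not GlassFish's) of why the call above comes back null: Subject.getSubject(AccessController.getContext()) only finds a Subject when the calling code runs inside Subject.doAs, so the web layer (or the container) has to bind the authenticated Subject before invoking the domain jar. MyPrincipal and SubjectPropagationDemo are hypothetical names; the code targets Java 8 through 17 (on JDK 18+ Subject.callAs and Subject.current() replace doAs/getSubject).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;

// Constructed demo: a Subject is visible to Subject.getSubject() only for code
// executing on a call stack started by Subject.doAs with that Subject.
public class SubjectPropagationDemo {

    // Hypothetical principal type standing in for the poster's MyPrincipal.
    public static final class MyPrincipal implements Principal {
        private final String name;
        public MyPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Domain-layer check: knows nothing about the web session, only the
    // AccessControlContext. Returns the first MyPrincipal name, or null if none.
    static String currentUser() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return null; // no Subject bound to this call stack
        }
        Set<MyPrincipal> principals = subject.getPrincipals(MyPrincipal.class);
        return principals.isEmpty() ? null : principals.iterator().next().getName();
    }

    public static void main(String[] args) {
        // Outside doAs nothing is bound, so the domain code sees null.
        System.out.println("outside doAs: " + currentUser());

        // Simulate what the web layer does after the realm has authenticated the
        // user: build a Subject from the authenticated principals (constructed here).
        Subject authenticated = new Subject();
        authenticated.getPrincipals().add(new MyPrincipal("alice"));
        authenticated.setReadOnly(); // domain code must not be able to add principals

        // Run the unit of work under that Subject; every frame below this call
        // can recover it through AccessController.getContext().
        String seen = Subject.doAs(authenticated,
                (PrivilegedAction<String>) SubjectPropagationDemo::currentUser);
        System.out.println("inside doAs: " + seen);
    }
}
```

In a real container the web tier would obtain the Subject from the realm's login result rather than constructing it, and the SecurityManager permission check from the post stays independent of this: it needs the JVM to actually be started with a security manager.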

http://forums.java.net/jive/thread.jspa?messageID=333763