users@glassfish.java.net

Re: Enabling Subject , Principal on web server available thru AccessController

From: Aleksandras Novikovas <an_at_systemtier.com>
Date: Wed, 25 Feb 2009 18:44:17 +0200

Hi,

As far as I've understood, in order to acquire the subject or security
manager you must run GF with the security manager ON. Check the logs to
identify why it cannot start. I've successfully used GF with the security
manager ON under XP and under 2003 server.

Here is the code which I use to run security-sensitive operations.

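        import java.security.AccessController;
        import java.security.PrivilegedAction;
        import javax.security.auth.Subject;

        // Subject associated with the current access control context.
        Subject subject = Subject.getSubject (AccessController.getContext ());
        Subject.doAsPrivileged (subject, new PrivilegedAction<String> () {
            public String run () {
                // The check is enforced only when a security manager is installed.
                SecurityManager sm = System.getSecurityManager ();
                if (sm != null) sm.checkPermission (MY_PERMISSION);
                // Security-sensitive operations go here.
                return null;
            }
        }, null);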


SecurityException is caught at higher levels.

-
Aleksandras Novikovas



On Wed, 2009-02-25 at 05:32 -0800, glassfish_at_javadesktop.org wrote:
> I have searched this forum as well as the internet. I have found pieces of information
> that answer some of my questions but do not paint the full picture. Please point me in
> the proper direction whether it is a book, white paper, blog or an answer here.
>
> Issue:
> I have a glassfish web server that utilizes the standard LDAP realm. After a user has
> been authenticated, how is the Subject and Principal established? Does the
> web server do the work or is some programming required? This point is not clear to me.
>
> After authentication, the user initiates some unit of work. Upon initiation, a jar on the
> server is called from a managed JSF bean. This jar contains service and domain layers, all
> POJOs, persisted with Hibernate. Within the domain layer, which does not know of the web
> session etc., I need to do the following authorization for validation and security
> measures:
>
> final Subject subject = Subject.getSubject(AccessController.getContext());
> final Iterator<MyPrincipal> it = subject.getPrincipals(MyPrincipal.class).iterator();
> ...
>
> final SecurityManager sm = System.getSecurityManager();
> if (sm != null) {
>     try {
>         sm.checkPermission(new SpecialPermission(value));
>         ...
>     }
>     catch (SecurityException e) {
>         ...
>     }
> }
>
> Any way I try it, the subject is always null as well as security manager. (I can't start
> glassfish 2 with security manager enabled on XP. Another issue.)
> Another forum entry asked part of the same question, but I could not gather enough
> information to get the above to work.
>
> Thanks!
> [Message sent by forum member 'dpandrews' (dpandrews)]
>
> http://forums.java.net/jive/thread.jspa?messageID=333763
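
An added example, not code from either poster or from GlassFish, showing the plain JAAS behaviour this thread depends on: Subject.getSubject returns null unless the caller runs the code inside Subject.doAs or Subject.doAsPrivileged. MyPrincipal and SpecialPermission are hypothetical stand-ins for the classes named in the question, the principal name is constructed, and a JDK that still supports Subject.getSubject and SecurityManager is assumed (both are deprecated in recent releases).

```java
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectPropagationDemo {
    // Hypothetical stand-ins for the MyPrincipal / SpecialPermission of the question.
    static final class MyPrincipal implements Principal {
        private final String name;
        MyPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static final class SpecialPermission extends BasicPermission {
        SpecialPermission(String name) { super(name); }
    }

    // Domain-layer code: no knowledge of the web session, only of the calling context.
    static String domainOperation(String value) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) throw new SecurityException("no Subject bound to this context");
        // Fail closed when the Subject does not carry the expected principal type.
        Set<MyPrincipal> who = subject.getPrincipals(MyPrincipal.class);
        if (who.isEmpty()) throw new SecurityException("Subject carries no MyPrincipal");
        // Permission check is enforced only when a security manager is installed.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(new SpecialPermission(value));
        return "ran '" + value + "' as " + who.iterator().next().getName();
    }

    public static void main(String[] args) {
        // Direct call: nothing has associated a Subject with the access control context.
        try {
            domainOperation("report");
        } catch (SecurityException e) {
            System.out.println("direct call rejected: " + e.getMessage());
        }
        // The caller (for example the web tier after login) binds the Subject explicitly.
        Subject subject = new Subject(true,
                Collections.singleton(new MyPrincipal("alice")),   // constructed sample user
                Collections.emptySet(), Collections.emptySet());
        String result = Subject.doAsPrivileged(subject,
                (PrivilegedAction<String>) () -> domainOperation("report"), null);
        System.out.println("inside doAsPrivileged: " + result);
    }
}
```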