users@glassfish.java.net

Re: Getting Principal inside JMX MBean

From: Skanda Prasad <skanda.prasad.ganapathy_at_ericsson.com>
Date: Fri, 6 Nov 2009 00:49:37 -0800 (PST)

Hi,

When I try to access the MBean through JConsole, say with the credentials of
admin user, the security context still does not contain this user
principal.... It only has ANONYMOUS in the context...im pasting below
contents of the SecurityContext :

SecurityContext[ Initiator: ANONYMOUSSubject Subject:
]|#]

Could someone please let me know why glassfish does not hold the user
principal which was used to login to the glassfish server through JConsole??

Regards,
Skanda
 

glassfish-2 wrote:
>
> Hi, I have created some JMX MBeans during the READY_EVENT on a
> LifecycleListener. They are created ok. I have also created a new user
> through the GlassFish admin console.
>
> I now use JConsole to connect to GlassFish. I use the service URL dumped
> out on the console when starting GlassFish, and the user and password just
> created. JConsole connects just fine and I can see all the MBeans.
>
> In my MBeans I need to do additional authorization for the user by
> checking the Principal (=user) against a legacy authorization system
> (based on the attribute the user is interested in). So in my MBean I would
> like to do something like the following:
>
> public class MyMBean implements DynamicMBean{
> ...
> public Object getAttribute(String attrname){
>
> Principal p = ????
>
> boolean allowGet = myLegacyAuthorizationService(p.getName(),
> attrname);
> if(allowGet){
> ...return data...
> } else {
> ...throw something relevant...
> }
> }
>
> Question is how do I get the Principal? I have tried the following:
>
> com.sun.enterprise.security.SecurityContext sc =
> SecurityContext.getCurrent();
> Principal p = sc.getCallerPrincipal();
>
> Sure enough, I get a Principal back. But it is ANONYMOUS and not the
> username I have used when connecting through JConsole. So how do I get my
> hands on the username?
>
> Any other possible way of implementing this way of authorization?
>
> Any help would be much appreciated.
>
> Regards, Mark Hollmann
> [Message sent by forum member 'markhollmann' (markhollmann)]
>
> http://forums.java.net/jive/thread.jspa?messageID=285598
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>

-- 
View this message in context: http://old.nabble.com/Getting-Principal-inside-JMX-MBean-tp18378082p26228570.html
Sent from the java.net - glassfish users mailing list archive at Nabble.com.