JAAS & WebContainer interaction

Hi everybody,

Is there any common way to retrieve the authenticated user subject?

For example, Tomcat/JBoss store it in "javax.security.auth.subject" session attribute after successful authentication, but WebSphere does not.

Strictly speaking, LoginModule cannot access session or application context with standard form-based authentication (without doing something fancy), and it does look like the web container cannot access the JAAS subject. Is that correct or am I missing something here?

Any opinion will be greatly appreciated.

Igor.

[564 byte] By [inksystemsa] at [2007-10-2 22:37:22]
# 1

In WebSphere you should use the WSSubject.getCallerSubject() method. To use this you have to include wssec.jar, security.jar and sas.jar in your build classpath. WSSubject is an extension to the standard JAAS subject implemented by IBM for WebSphere. BEA has a similar WLSSubject for WebLogic. This is due to some issues with attribute propagation.

scorpio27a at 2007-7-14 1:54:35
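An added example, not part of either post: one way to combine the two lookups mentioned in the thread, checking the session attribute that Tomcat/JBoss set and then falling back to WebSphere's `WSSubject.getCallerSubject()`. It assumes the IBM class lives at `com.ibm.websphere.security.auth.WSSubject` and loads it reflectively so the code compiles without the IBM jars; `sessionAttr` is a hypothetical stand-in for `HttpSession::getAttribute`, and the sample Subject in `main` is constructed.

```java
import java.lang.reflect.Method;
import java.util.function.Function;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class CallerSubjectResolver {
    // Session attribute named in the question (set by Tomcat/JBoss after login).
    static final String SESSION_KEY = "javax.security.auth.subject";
    // IBM helper named in the answer; package name is an assumption of this example.
    static final String WS_SUBJECT = "com.ibm.websphere.security.auth.WSSubject";

    /** Returns the caller's Subject, or null if none can be found (fail closed). */
    public static Subject resolve(Function<String, Object> sessionAttr) {
        Object fromSession = sessionAttr.apply(SESSION_KEY);
        // Type-check the value: any code with session access can overwrite
        // this attribute, so it is only as trustworthy as the session itself.
        if (fromSession instanceof Subject) {
            return (Subject) fromSession;
        }
        try {
            // Static call: WSSubject.getCallerSubject()
            Method m = Class.forName(WS_SUBJECT).getMethod("getCallerSubject");
            Object s = m.invoke(null);
            return (s instanceof Subject) ? (Subject) s : null;
        } catch (ClassNotFoundException e) {
            return null; // not running on WebSphere
        } catch (ReflectiveOperationException e) {
            return null; // lookup failed: treat the caller as unauthenticated
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a session that holds a Subject, as on Tomcat/JBoss.
        Subject sample = new Subject();
        sample.getPrincipals().add(new X500Principal("CN=igor"));
        Function<String, Object> tomcatLike =
                key -> SESSION_KEY.equals(key) ? sample : null;
        System.out.println("tomcat-like: " + resolve(tomcatLike));

        // Constructed sample: an empty session outside WebSphere resolves to null.
        Function<String, Object> emptySession = key -> null;
        System.out.println("empty session: " + resolve(emptySession));
    }
}
```

Callers should treat a `null` result as "not authenticated" rather than substituting an empty Subject, so that a failed lookup never grants access.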