Can an arbitrarily created Subject be used in doAs() without LoginContext?
Can a Subject that is created independently be used for doAs() or doAsPrivileged()?
Due to some restrictions I cannot use a LoginModule (and LoginContext) to authenticate a user; instead, the authentication process is done using another approach. After that process I have added the gained roles as special Principals into an arbitrarily created Subject. Now it seems that invoking the doAs() method on Subject with this newly created subject does not work that way.
Should I still make a dummy LoginContext and a dummy LoginModule to populate a subject? Is it true that a subject can only be used when a LoginContext has been created beforehand? Or...
In the implementation of doAs(), a SubjectDomainCombiner comes into play in that it combines itself with the current AccessControlContext. In this sense my approach should work. But it does not.
I would be very appreciative of any tips.

No you can't. That kind of ability would completely defeat the purpose of security. You have to obtain a Subject via a LoginModule, be it one supplied by the app server or one of your own. Unfortunately, you can't combine application-controlled authentication with container-controlled authorization. That would just be too easy, which isn't the Java EE way.
Yes, you are totally right. I've also noticed that and changed the implementation. But it does not work either.
I have an application-based authentication and authorization sub-system, let us call it app-authe and app-autho. The Java login module would cause app-authe and app-autho to be invoked. After that, a subject with all principals derived from information in app-autho would be created and made available. When I use this subject with its doAs() or doAsPri..(), it does not work either.
I am working on integrating Java and OSGi security mechanisms. It would be very nice if you have any experience from projects about integrating security. I am looking forward to your answer.
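For reference, the plain Java SE mechanics behind the question (added example, not code from either poster): a Subject is built directly, populated with principals, and passed to Subject.doAs(); inside the action the SubjectDomainCombiner has bound the Subject to the AccessControlContext, so an application-level role check can read it back, while outside doAs() no Subject is bound. RolePrincipal is a hypothetical principal class standing in for the "special Principals" in the question; whether a container's java.security.Policy grants permissions to such a Subject is a separate matter decided by that Policy. Assumes a Java 8-era JDK; on JDK 18 and later, Subject.current() replaces Subject.getSubject(AccessController.getContext()).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

// Added example: a Subject created without LoginContext, used with Subject.doAs().
public class DoAsWithoutLoginContext {

    // Hypothetical principal type carrying a role name obtained out of band.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "Role:" + name; }
    }

    // Application-level authorization check against the Subject bound to the
    // current AccessControlContext. Returns false when called outside doAs(),
    // because no Subject is associated with the context there.
    static boolean currentSubjectHasRole(String role) {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null) {
            return false;
        }
        for (RolePrincipal p : s.getPrincipals(RolePrincipal.class)) {
            if (p.getName().equals(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: principals added after out-of-band authentication.
        Subject subject = new Subject();
        subject.getPrincipals().add(new RolePrincipal("admin"));
        // Freeze the Subject so code running under doAs() cannot add principals to it.
        subject.setReadOnly();

        System.out.println("outside doAs, has admin: " + currentSubjectHasRole("admin"));

        // SubjectDomainCombiner attaches the Subject to the context for the action.
        Boolean inside = Subject.doAs(subject,
                (PrivilegedAction<Boolean>) () -> currentSubjectHasRole("admin"));
        System.out.println("inside doAs, has admin:  " + inside);
    }
}
```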