You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Matt Harrison <ma...@tmd.tv> on 2004/07/13 12:18:12 UTC
Accessing javax.security.auth.Subject within a session
Hi
I've implemented a JAAS Realm authentication module for my servlet/JSP
web-app which is working a treat.
Can anybody tell me how to access in my servlets the
javax.security.auth.Subject object generated at login?
This fronts an existing application and I would like to store the
user-specific jdbc database connection object generated at login as a
credential within the Subject and use it within the session context of my
web-app. I know that I could capture the username and password with a filter
and recreate the db connection post authentication, but I guess this kind of
defeats the purpose of container based security and creates unnecessary
session creation work at the database.
Thanks in advance
Matt
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Accessing javax.security.auth.Subject within a session
Posted by Jeanfrancois Arcand <Je...@Sun.COM>.
Matt Harrison wrote:
>Hi
>
>I've implemented a JAAS Realm authentication module for my servlet/JSP
>web-app which is working a treat.
>
>Can anybody tell me how to access in my servlets the
>javax.security.auth.Subject object generated at login?
>
>
You can get it using
Subject.getSubject(AccessController.getContext())
>This fronts an existing application and I would like to store the
>user-specific jdbc database connection object generated at login as a
>credential within the Subject and use it within the session context of my
>web-app. I know that I could capture the username and password with a filter
>and recreate the db connection post authentication, but I guess this kind of
>defeats the purpose of container based security and creates unnecessary
>session creation work at the database.
>
>
Tomcat 5 store the Subject as an attribute. Do a:
getAttribute("javax.security.auth.subject")
but this will not be portable (will works with JBoss/SunOne :-) ). An
new API willprobably be added in Servlet 2.5 to address that missing part.
-- Jeanfrancois
>Thanks in advance
>
>Matt
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org