Posted to user@geronimo.apache.org by weberjn <we...@gmail.com> on 2012/07/18 14:50:06 UTC

API for nested subjects?

Hi,

I still need a nested security context, to invoke EJBs from an application
client with changing subjects.

I tried the ContextManager code below, but it does not work; the current
subject is null.
Is there better code for this?

Thanks, Juergen

See also:
https://issues.apache.org/jira/browse/GERONIMO-4765
https://java2s.com/Open-Source/Java/EJB-Server/geronimo/security/org/apache/geronimo/security/ContextManagerTest.java.htm


context.login();
Subject subject = context.getSubject();

ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
// somewhere else in the call chain
try
{
	Subject subject1 = ContextManager.getCurrentCaller();
	
	System.out.println("getCurrentSubject1() -> " + subject1);
	
	// invoke EJB here under subject1
}
finally
{
	ContextManager.popCallers(oldCallers);
}

getCurrentSubject1() -> null



--
View this message in context: http://apache-geronimo.328035.n3.nabble.com/API-for-nested-subjects-tp3985483.html
Sent from the Users mailing list archive at Nabble.com.

Re: API for nested subjects?

Posted by weberjn <we...@gmail.com>.
OK, let's put it differently:

How can I call the EJB below from a standalone Java Client with three
different Users (let's say round-robin), but without having to open a new
InitialContext for each call?

Thanks,
Juergen

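import javax.annotation.Resource;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;

@Stateless
public class PrincipalEJB
{
    // Injected by the container; exposes the caller's security identity.
    @Resource
    private EJBContext context;

    // Returns the name of the principal the container associated with this call.
    public String info()
    {
        String s = context.getCallerPrincipal().getName();
        System.out.println(s);
        return s;
    }
}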



Re: API for nested subjects?

Posted by David Jencks <da...@yahoo.com>.
Hi Juergen,

I don't remember everything about how the openejb remote auth works.  Maybe if you show your app client login config it would help :-)

In general the server shouldn't trust subjects sent from arbitrary clients, why should it trust the client?  The ServerIdentityToken is a private credential, not a principal, right?

There's some corba csiv2 stuff you can set up if you really want a way for the server to trust subjects from your app client, but generally the openejb remote login way is simpler.

thanks
david jencks

On Jul 18, 2012, at 11:25 AM, weberjn wrote:

> David, 
> 
> thanks, I tried this now, 
> ContextManager.getCurrentCaller() returns after setCallers
> Private Credential: org.apache.geronimo.openejb.ServerIdentityToken@c2015793
> 
> but in the EJB ctx.getCallerPrincipal().getName() returns UNAUTHENTICATED
> 
> This is a 2.1 EJB with <method-permission> <unchecked />
> but still I think the principal should be transferred, shouldn't it?
> 
> Juergen


Re: API for nested subjects?

Posted by weberjn <we...@gmail.com>.
David, 

thanks, I tried this now, 
ContextManager.getCurrentCaller() returns after setCallers
Private Credential: org.apache.geronimo.openejb.ServerIdentityToken@c2015793

but in the EJB ctx.getCallerPrincipal().getName() returns UNAUTHENTICATED

This is a 2.1 EJB with <method-permission> <unchecked />
but still I think the principal should be transferred, shouldn't it?

Juergen


David Jencks wrote
> 
> Is this code run in the app client?
> 
> I think there is no pre-existing logged in Subject?  This will mean the
> oldCallers below will have no Subjects in it.
> 
> I think you want 
> 
> ContextManager.setCallers(subject, subject);
> try {
> //whatever
> } finally {
>    ContextManager.clearCallers();
> }
> 
> thanks
> david jencks

Re: API for nested subjects?

Posted by David Jencks <da...@yahoo.com>.
Is this code run in the app client?

I think there is no pre-existing logged in Subject?  This will mean the oldCallers below will have no Subjects in it.

I think you want 

ContextManager.setCallers(subject, subject);
try {
//whatever
} finally {
   ContextManager.clearCallers();
}

thanks
david jencks

On Jul 18, 2012, at 8:50 AM, weberjn wrote:

> Hi,
> 
> I still need a nested security context, to invoke EJBs from an application
> client with changing subjects.
> 
> I tried the ContextManager code below, but it does not work; the current
> subject is null.
> Is there better code for this?
> 
> Thanks, Juergen
> 
> See also:
> https://issues.apache.org/jira/browse/GERONIMO-4765
> https://java2s.com/Open-Source/Java/EJB-Server/geronimo/security/org/apache/geronimo/security/ContextManagerTest.java.htm
> 
> 
> context.login();
> Subject subject = context.getSubject();
> 
> ContextManager.registerSubject(subject);
> Callers oldCallers = ContextManager.pushNextCaller(subject);
> // somewhere else in the call chain
> try
> {
> 	Subject subject1 = ContextManager.getCurrentCaller();
> 	
> 	System.out.println("getCurrentSubject1() -> " + subject1);
> 	
> 	// invoke EJB here under subject1
> }
> finally
> {
> 	ContextManager.popCallers(oldCallers);
> }
> 
> getCurrentSubject1() -> null
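
A simplified, self-contained model of the thread-bound caller pair discussed in this thread, added here as an example; it is not Geronimo's ContextManager code and not code from any poster. It assumes, following the reply above, that pushing a next caller promotes the previously bound next caller to current, and it shows both the null result from the question and a nested scope that is restored in `finally`. The class, records and sample users are hypothetical, and Java 16 or later is assumed for records.

```java
import java.security.Principal;
import javax.security.auth.Subject;

// Simplified model of a thread-bound (current, next) caller pair.
// Hypothetical class written for this example; not Geronimo's ContextManager.
public class CallerPairModel {
    record Callers(Subject current, Subject next) {}
    record User(String name) implements Principal {
        public String getName() { return name; }
    }
    private static final ThreadLocal<Callers> CALLERS = new ThreadLocal<>();

    // Assumption: a push promotes the previous "next" caller to "current".
    static Callers pushNextCaller(Subject next) {
        Callers old = CALLERS.get();
        CALLERS.set(new Callers(old == null ? null : old.next(), next));
        return old;
    }
    static void popCallers(Callers old) { CALLERS.set(old); }
    static void setCallers(Subject current, Subject next) {
        CALLERS.set(new Callers(current, next));
    }
    static void clearCallers() { CALLERS.remove(); }
    static String currentCallerName() {
        Callers c = CALLERS.get();
        if (c == null || c.current() == null) return "null";
        return c.current().getPrincipals().iterator().next().getName();
    }
    static Subject subjectFor(String name) {   // constructed sample identity
        Subject s = new Subject();
        s.getPrincipals().add(new User(name));
        return s;
    }

    public static void main(String[] args) {
        Subject alice = subjectFor("alice"), bob = subjectFor("bob");
        Callers saved = pushNextCaller(alice);          // pattern from the question
        try {
            System.out.println("push on empty thread: " + currentCallerName());
        } finally { popCallers(saved); }
        setCallers(alice, alice);                       // pattern from the reply
        try {
            Callers outer = pushNextCaller(bob);        // nested scope
            try { System.out.println("nested: " + currentCallerName()); }
            finally { popCallers(outer); }              // always restore the outer pair
            System.out.println("restored: " + currentCallerName());
        } finally { clearCallers(); }                   // leave no identity on the thread
    }
}
```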