Posted to dev@jackrabbit.apache.org by Paco Avila <pa...@git.es> on 2006/04/03 11:28:17 UTC

Login error with null Credentials

I have a webapp configured with security. So I need to login on it,
using BASIC authentication. When I do:

Repository r = (Repository) ctx.lookup("repo");
Session session = r.login();

Jackrabbit is supposed to get credentials from the authenticated user,
but fails.

In my protected JSP I do:

AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);

but the subject is null. It seems to be a JBoss problem with this
workaround (I use JBoss 4.0.2):

Context ctx = new InitialContext();
org.jboss.security.SubjectSecurityManager mgr =
(org.jboss.security.SubjectSecurityManager)ctx.lookup("java:comp/env/security/securityMgr");
Subject sub = mgr.getActiveSubject();

So, can anybody confirm that r.login() fails?

Thanks in advance.
-- 
Paco Avila <pa...@git.es>


Re: Login error with null Credentials

Posted by Marcel Reutegger <ma...@gmx.net>.
Paco Avila wrote:
> I've been tweaking the RepositoryImpl class and changed these lines
> 
> // null credentials, obtain the identity of the already-authenticated
> // subject from access control context
> AccessControlContext acc = AccessController.getContext();
> Subject subject = Subject.getSubject(acc);
> 
> to:
> 
> // null credentials, obtain the identity of the already-authenticated
> // subject from access control context
> Context ctx = new InitialContext();
> subject = (Subject)ctx.lookup("java:comp/env/security/subject"); 
> 
> And now it works. But I wonder if this is a dirty patch or a good one. This
> works in JBoss 4.0.3SP1.

that's a rather dirty hack. the details where the subject is obtained 
from is not the task of the repository.

you should rather do the following when you do a login:

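Context ctx = new InitialContext();
Subject subject = (Subject)ctx.lookup("java:comp/env/security/subject");
final Repository repository = ....  // probably also from jndi

// login() throws checked exceptions, so use PrivilegedExceptionAction;
// doAs then throws PrivilegedActionException wrapping them
Session s = (Session) Subject.doAs(subject, new PrivilegedExceptionAction() {
     public Object run() throws Exception {
         return repository.login();
     }
});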

regards
  marcel
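
Added example (not part of the original messages and not Jackrabbit code): a stand-alone demonstration of why the lookup quoted in this thread returns a null Subject when called directly, and returns the caller's Subject when the same call runs inside Subject.doAs. The class name, the loginWithNullCredentials() stand-in and the sample principal are hypothetical, and it assumes a JDK on which Subject.getSubject(AccessControlContext) is still supported (the call is deprecated in current JDKs).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

public class NullCredentialsLoginDemo {

    // Hypothetical stand-in for a null-credentials login: it resolves the caller
    // with the same two calls quoted from RepositoryImpl in this thread.
    static String loginWithNullCredentials() throws LoginException {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null || subject.getPrincipals().isEmpty()) {
            // Fail closed: no identity means no session, never an anonymous fallback.
            throw new LoginException("no Subject bound to the access control context");
        }
        Principal p = subject.getPrincipals().iterator().next();
        return "session for " + p.getName();
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject; in the webapp it would come from the container.
        Principal user = () -> "constructed-user";
        Subject subject = new Subject();
        subject.getPrincipals().add(user);

        // 1. Plain call: nothing has associated a Subject with this context.
        try {
            loginWithNullCredentials();
        } catch (LoginException e) {
            System.out.println("outside doAs: " + e.getMessage());
        }

        // 2. Same call inside Subject.doAs: the Subject is visible to the lookup.
        try {
            String session = Subject.doAs(subject,
                    (PrivilegedExceptionAction<String>)
                            NullCredentialsLoginDemo::loginWithNullCredentials);
            System.out.println("inside doAs: " + session);
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the checked exception from the action
        }
    }
}
```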

Re: Login error with null Credentials

Posted by Paco Avila <pa...@git.es>.
On Mon, 03-04-2006 at 11:28 +0200, Paco Avila wrote:
> I have a webapp configured with security. So I need to login on it,
> using BASIC authentication. When I do:
> 
> Repository r = (Repository) ctx.lookup("repo");
> Session session = r.login();
> 
> Jackrabbit is supposed to get credentials from the authenticated user,
> but fails.

I've been tweaking the RepositoryImpl class and changed these lines

// null credentials, obtain the identity of the already-authenticated
// subject from access control context
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);

to:

// null credentials, obtain the identity of the already-authenticated
// subject from access control context
Context ctx = new InitialContext();
subject = (Subject)ctx.lookup("java:comp/env/security/subject"); 

And now it works. But I wonder if this is a dirty patch or a good one. This
works in JBoss 4.0.3SP1.

-- 
Paco Avila <pa...@git.es>