Posted to dev@jackrabbit.apache.org by Paco Avila <pa...@git.es> on 2006/04/03 11:28:17 UTC
Login error with null Credentials
I have a webapp configured with security. So I need to login on it,
using BASIC authentication. When I do:
Repository r = (Repository) ctx.lookup("repo");
Session session = r.login();
Jackrabbit is supposed to get credentials from the authenticated user,
but fails.
In my protected JSP I do:
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
but the subject is null. It seems to be a JBoss problem with this
workaround (I use JBoss 4.0.2):
Context ctx = new InitialContext();
org.jboss.security.SubjectSecurityManager mgr =
(org.jboss.security.SubjectSecurityManager)ctx.lookup("java:comp/env/security/securityMgr");
Subject sub = mgr.getActiveSubject();
So, can anybody confirm that r.login() fails?
Thanks in advance.
--
Paco Avila <pa...@git.es>
Re: Login error with null Credentials
Posted by Marcel Reutegger <ma...@gmx.net>.
Paco Avila wrote:
> I've been tweaking the RepositoryImpl class and changed these lines
>
> // null credentials, obtain the identity of the already-authenticated
> // subject from access control context
> AccessControlContext acc = AccessController.getContext();
> Subject subject = Subject.getSubject(acc);
>
> to:
>
> // null credentials, obtain the identity of the already-authenticated
> // subject from access control context
> Context ctx = new InitialContext();
> subject = (Subject)ctx.lookup("java:comp/env/security/subject");
>
> And now it works. But I wonder if this is a dirty patch or a good one. This
> works in JBoss 4.0.3SP1.
that's a rather dirty hack. the details where the subject is obtained
from is not the task of the repository.
you should rather do the following when you do a login:
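Context ctx = new InitialContext();
Subject subject = (Subject) ctx.lookup("java:comp/env/security/subject");
final Repository repository = .... // probably also from jndi
// login() throws the checked RepositoryException, so a PrivilegedExceptionAction
// is needed; doAs() then reports it wrapped in a PrivilegedActionException.
Session s = (Session) Subject.doAs(subject, new PrivilegedExceptionAction() {
    public Object run() throws RepositoryException {
        return repository.login();
    }
});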
regards
marcel
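Added example, not part of the original thread and not Jackrabbit code: a hypothetical stand-in DemoRepository resolves the caller's identity the way the RepositoryImpl lines quoted above do, showing why the lookup returns null on a direct call and finds the Subject inside Subject.doAs. It assumes a JDK on which Subject.getSubject(AccessControlContext) is still supported; the principal name is constructed.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

public class NullCredentialsLoginDemo {

    // Hypothetical stand-in for a repository; not Jackrabbit code.
    static class DemoRepository {
        // Mirrors the null-credentials lookup quoted in the thread: the identity
        // comes from the Subject bound to the caller's access control context.
        String login() {
            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject == null) {
                // Fail closed rather than fall back to some default identity.
                throw new SecurityException("no Subject bound to the calling context");
            }
            StringBuilder names = new StringBuilder();
            for (Principal p : subject.getPrincipals()) {
                names.append(names.length() == 0 ? "" : ",").append(p.getName());
            }
            return "session for " + names;
        }
    }

    public static void main(String[] args) {
        final DemoRepository repository = new DemoRepository();

        // Constructed sample identity; in the thread it comes from the container's JNDI.
        Subject subject = new Subject();
        subject.getPrincipals().add(new Principal() {
            public String getName() { return "alice"; }
        });
        subject.setReadOnly();

        // 1. Direct call: nothing has bound the Subject to this thread's context.
        try {
            repository.login();
        } catch (SecurityException e) {
            System.out.println("direct call rejected: " + e.getMessage());
        }

        // 2. Same call inside Subject.doAs: the lookup now finds the Subject.
        String session = Subject.doAs(subject, new PrivilegedAction<String>() {
            public String run() { return repository.login(); }
        });
        System.out.println(session);
    }
}
```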
Re: Login error with null Credentials
Posted by Paco Avila <pa...@git.es>.
On Mon, 03-04-2006 at 11:28 +0200, Paco Avila wrote:
> I have a webapp configured with security. So I need to login on it,
> using BASIC authentication. When I do:
>
> Repository r = (Repository) ctx.lookup("repo");
> Session session = r.login();
>
> Jackrabbit is supposed to get credentials from the authenticated user,
> but fails.
I've been tweaking the RepositoryImpl class and changed these lines
// null credentials, obtain the identity of the already-authenticated
// subject from access control context
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
to:
// null credentials, obtain the identity of the already-authenticated
// subject from access control context
Context ctx = new InitialContext();
subject = (Subject)ctx.lookup("java:comp/env/security/subject");
And now it works. But I wonder if this is a dirty patch or a good one. This
works in JBoss 4.0.3SP1.
--
Paco Avila <pa...@git.es>