0 Replies Latest reply: Mar 13, 2002 1:01 PM by Torben Jaeger RSS

Subject.getSubject() allowed in EJB Method?

Torben Jaeger Newbie

Hello!

We have to authenticate a user against a Host-System but we do not want to implement a resource adapter for this.
The idea was to write a LDAP LoginModule to read the login information for the host system and serve this info in the credentials of the subject.
We didn't find a solution how to access the subject within an EJB method.

First question: Is this allowed in the security sense?

Tried following:


public String echo(String arg)
{
AccessControlContext acc = AccessController.getContext();
System.out.println("got acc: " + acc);
acc.checkPermission(new AuthPermission("getSubject"));

Subject subj = Subject.getSubject(acc);
System.out.println("got Subject: " + subj);

System.out.println("StatelessSessionBean.echo, arg="+arg);
Principal p = sessionContext.getCallerPrincipal();
System.out.println("StatelessSessionBean.echo, callerPrincipal="+p);

return arg;
}


Second question: Could this work?

It does not. We got an ACC, but the returned Subject was null.

Thx for your time.

// Torben