0 Replies Latest reply: Mar 13, 2002 1:01 PM by Torben Jaeger RSS

    Subject.getSubject() allowed in EJB Method?

    Torben Jaeger Newbie


      We have to authenticate a user against a Host-System but we do not want to implement a resource adapter for this.
      The idea was to write a LDAP LoginModule to read the login information for the host system and serve this info in the credentials of the subject.
      We didn't find a solution how to access the subject within an EJB method.

      First question: Is this allowed in the security sense?

      Tried following:

      public String echo(String arg)
      AccessControlContext acc = AccessController.getContext();
      System.out.println("got acc: " + acc);
      acc.checkPermission(new AuthPermission("getSubject"));

      Subject subj = Subject.getSubject(acc);
      System.out.println("got Subject: " + subj);

      System.out.println("StatelessSessionBean.echo, arg="+arg);
      Principal p = sessionContext.getCallerPrincipal();
      System.out.println("StatelessSessionBean.echo, callerPrincipal="+p);

      return arg;

      Second question: Could this work?

      It does not. We got an ACC, but the returned Subject was null.

      Thx for your time.

      // Torben