tags:

views:

676

answers:

4
+1  Q: 

How do I access JAAS roles at arbitrary point in the code?

I want to access the full model of users with their roles in my SOAP app. For example, I might want to know the role of a user called "Fred."

How do I reach into some sort of global JAAS registry and do (pseudocode) globalRegistry.getUser("Fred").getPricipals()? (Note that in JAAS, roles are represented by Principals.)

I know how to get the Principal of the Subject from the LoginContext, but that has two problems.

  1. It is only at the moment of login, and I'd prefer not to code the aforementioned registry and store the Subject and Principal objects myself, as I they are already stored by the appserver.
  2. Preferably, I want to be able to access this information even when Fred is not the current user.

I am using Jetty, but I presume that these behaviors are standard to JAAS.

+1  A: 

To me, it seems this mizes appsever's users, groups etc. with J2EE application roles.

  • Getting permissions of a certaion user is a administration task and usually has to be accomplished using appserver-specific APIs.
  • JAAS programming model works on higher level of abstratcion. It only provides the information whether a user is in a J2EE role (defined within the application)
david a.  2009-02-09 17:29:33
+1  A: 

We use a ThreadLocal variable to reference the current user as has been authenticated at the system entrypoint (a servlet or ejb in our case). This allows 'global' access to the current user. This is not directly tied to JAAS or any other security protocol, but can be initialized from them.

EDIT: The return from the ThreadLocal is the Subject for the current user.

Accessing other users would typically be done via some type of admin module.

Robin  2009-02-09 17:35:18
A: 

Robin, can you put any example's code? Thanks

Juanjoc  2010-05-25 14:21:18
A: 

I believe that JAAS was designed to not really allow what you are trying to do. I know in the apps I've built that I needed that sort of functionality I had to side-step JAAS and program directly to whatever the actual identity repository was, be it LDAP, ActiveDirectory or whatever.

mezmo  2010-05-25 14:34:22

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java