[cdi-dev] [JBoss JIRA] (CDI-597) Make Principal unwrappable

Arjan t (JIRA) issues at jboss.org
Wed Apr 6 11:34:00 EDT 2016

    [ https://issues.jboss.org/browse/CDI-597?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13187837#comment-13187837 ] 

Arjan t commented on CDI-597:

{quote}it is in JAAS {quote}

But not all application servers use JAAS, and JAAS is not a mandatory part of Java EE or Servlet. Unless... unless you're referring to the JASPIC LoginModule bridge profile ;) But then the {{CallerPrincipalCallback}} is the primary artifact to deal with, and the SAM just gets the {{Principal}} from the {{LoginModule}}. 

+100 to move it to security spec. That said it means principal injection moves too since today it is in CDI (shouldn't have been I agree)

Okay, would be great if we can make this happen.

> Make Principal unwrappable
> --------------------------
>                 Key: CDI-597
>                 URL: https://issues.jboss.org/browse/CDI-597
>             Project: CDI Specification Issues
>          Issue Type: Epic
>            Reporter: Romain Manni-Bucau
> CDI allows to get injected a Principal but often you need to access the actual Principal instance when you need more than a name. Since the injection is a proxy (otherwise it would be broken in most of  scoped wrapper instances cases) we would need a CDI solution to unwrap this instance.
> Solution I see without creating a new kind of API but just something specific to this case: CDIPrincipal extends Principal { <T> T unwrap(Class<T> t) } and allow to get it injected directly as Principal today.
> This issue can be linked to CDI-10 but here it is safe to add unwrap() where on CDI-10 it is not (too general).

This message was sent by Atlassian JIRA

More information about the cdi-dev mailing list