[jboss-user] [Security & JAAS/JBoss] - Custom Interceptor & Reading Principal for MDB's

steff517 do-not-reply at jboss.com
Fri Aug 14 10:49:16 EDT 2009


Hi,
I have a problem with JBoss security. I implemented an interceptor in which I need to read the current principal. This basically works very well; I get the subject using the following code:

   (Subject) PolicyContext.getContext("javax.security.auth.Subject.container")

The problem occurs when I have a Message Driven Bean which is annotated with @RunAs("SYSTEM"). The code above always returns null. I also tried the following code, to read the subject.

Subject.getSubject(AccessController.getContext()); 
and also reading from the sessionContext
sctx.getCallerPrincipal()

With all this, I didn't have success. I saw in the JBoss sources that the RunAsIdentity is sort of a special treatment which is read by the SecurityInterceptor like this:
SecurityActions.peekRunAsIdentity()
But calling this is not possible for me due to security restrictions and I think it's also not meant to be read like this.
Does anybody have an idea what is the correct way to read the subject and principal in this case?

Thanks!
stefan

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4249663#4249663
