]
Bernd Ruecker resolved JBPM-1909.
---------------------------------
Resolution: Done
I think it is everything that can be done at the moment. And it works to read the actorid
from JAAS...
Fix SubjectAuthenticationService
--------------------------------
Key: JBPM-1909
URL:
https://jira.jboss.org/jira/browse/JBPM-1909
Project: JBoss jBPM
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Core Engine
Reporter: Bernd Ruecker
Assignee: Bernd Ruecker
Priority: Minor
Fix For: jBPM 3.3.1 GA
In the code base there is a SubjectAuthenticationService. The intention is, that the
actor-id is set to the currently logged in JAAS-Subject. Unfortunately, this isn't
implemented consequently.
In a current project we want to exchange the AuthenticationService, because we try to use
Single-Sign-On Semantics in JBoss SOA Platform.
Currently there are 3 problems:
1.) There is no SubjectAuthenticationServiceFactory, so this AuthenticationService cannot
be used
2.) subject.getPrincipals(principalClass) results in a list of Principals, containing
groups as well. So by the current code, the actor isn't set correctly
3.) And this is the bigger SHOWSTOPPER: The AuthenticationService interface only defines
the method "getActor". But at several places jbpmContext.setActorId is called
(e.g. WebConsole PhaseListener, ESB BpmProcessor, ...). This results in an exception if
the DefaultAuthenticationService is not used! This makes it impracticable to exchange the
AuthenticationService.
So what to do at this front?
I see two possibilities:
a) Change the AuthenticationService interface to include a setActorId method. This can be
ignored by implementations like the SubjectAuthenticationService (cannot and don't
want to change the JAAS subject).
b) Change the JbpmContext to ignore setActorId depending on the AuthenticationService
implementation.
The third possibility isn't really an option I think: Change all clients to NOT call
the setActorId without any good reason.
I tend to option (a). What I could imagine is, that the actorId is queries from JAAS if
null, but can be overwritten with setActorId and then remembered locally. Please refer to
the forum for discussion....
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: