geronimo-dev mailing list archives

From Dain Sundstrom <d...@iq80.com>
Subject Re: Current caller subject?
Date Thu, 03 Aug 2006 16:55:12 GMT
On Aug 2, 2006, at 11:29 PM, David Jencks wrote:

> On Aug 2, 2006, at 10:53 PM, Dain Sundstrom wrote:
>
>> I'm working on the Jencks project again and have discovered that
>> the container managed security and pool partition by-subject
>> doesn't work outside of Geronimo since both depend on obtaining
>> the current caller's subject from ContextManager.getCurrentCaller(),
>> which is a Geronimo specific class.
>>
>> Is there a spec defined way we could be getting the current  
>> caller's subject that would reasonably work in most app servers?   
>> I'm hoping there is something in the JACC spec.  If not, I think  
>> we should introduce a hook under these static calls, so we can  
>> redirect them to platform specific APIs when running outside of a  
>> Geronimo server.
>
> You could use
>
> (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
>
> which in geronimo delegates to ContextManager.getCurrentCaller()  
> using a lot of hashmap lookups and security checks.

Based on the response I got from Alan on IRC and this message, I
don't think it would be appropriate to change the connector code to use
the JACC api directly due to the performance problems.  Maybe we can
change the ContextManager methods as follows:

     import javax.security.auth.Subject;
     import javax.security.jacc.PolicyContext;
     import javax.security.jacc.PolicyContextException;

     // Switch between the spec-defined lookup and the Geronimo-internal one
     public static boolean useJacc = true;

     public static Subject getCurrentCaller() throws PolicyContextException {
         if (useJacc) {
             // Portable path: ask JACC for the container's current subject
             return (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
         } else {
             // Geronimo path: permission-guarded read of the existing thread-local
             // (GET_CONTEXT and currentCaller are the existing ContextManager fields)
             SecurityManager sm = System.getSecurityManager();
             if (sm != null) sm.checkPermission(GET_CONTEXT);

             return (Subject) currentCaller.get();
         }
     }

When running in a Geronimo server we set useJacc to false.

What do you think?

-dain
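Added illustration of the two lookup paths discussed in this thread (my own example, not Geronimo's or the Jencks project's code): a hypothetical CallerContext class holds the thread-local caller and the useJacc switch, and a SubjectHandler shows what a container registers so that the spec-defined PolicyContext lookup resolves to that same thread-local. The class and method names, the RuntimePermission stand-ins for Geronimo's GET_CONTEXT / SET_CONTEXT, and the "alice" caller are all constructed for this example; it assumes a JACC 1.x API jar (package javax.security.jacc) on the classpath.

```java
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;

/** Hypothetical stand-in for a ContextManager-style class (not Geronimo's code). */
public final class CallerContext {

    /** Context key the JACC spec defines for the container's current Subject. */
    public static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    /** Stand-ins for Geronimo's GET_CONTEXT / SET_CONTEXT permissions (assumed names). */
    private static final RuntimePermission GET_CONTEXT = new RuntimePermission("callerContext.get");
    private static final RuntimePermission SET_CONTEXT = new RuntimePermission("callerContext.set");

    /** true: go through the spec-defined JACC lookup; false: read the thread-local directly. */
    public static volatile boolean useJacc = true;

    /** Per-thread caller, populated by the container when a request enters. */
    private static final ThreadLocal<Subject> currentCaller = new ThreadLocal<>();

    /** Container side: bind the caller to the current thread (guarded like the getter). */
    public static void setCurrentCaller(Subject subject) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(SET_CONTEXT);
        currentCaller.set(subject);
    }

    /** Clear the binding so a pooled thread never carries a stale caller into the next request. */
    public static void clearCurrentCaller() {
        currentCaller.remove();
    }

    /** The lookup the connector code calls; the switch picks the spec path or the direct path. */
    public static Subject getCurrentCaller() throws PolicyContextException {
        if (useJacc) {
            // Portable: works in any JACC-compliant container that registered a handler for the key.
            return (Subject) PolicyContext.getContext(SUBJECT_KEY);
        }
        // Fast path: same permission check, no PolicyContext indirection.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(GET_CONTEXT);
        return currentCaller.get();
    }

    /** What the container registers so that the JACC path resolves to the same thread-local. */
    public static final class SubjectHandler implements PolicyContextHandler {
        public boolean supports(String key) { return SUBJECT_KEY.equals(key); }
        public String[] getKeys() { return new String[] { SUBJECT_KEY }; }
        public Object getContext(String key, Object data) {
            return supports(key) ? currentCaller.get() : null;
        }
    }

    private static String describe(Subject s) {
        if (s == null) return "<no caller>";
        StringBuilder sb = new StringBuilder();
        for (Principal p : s.getPrincipals()) sb.append(p.getName()).append(' ');
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        // Container start-up: make the spec key resolvable in this JVM.
        PolicyContext.registerHandler(SUBJECT_KEY, new SubjectHandler(), true);

        // Request entry: a constructed caller named "alice".
        Subject alice = new Subject();
        alice.getPrincipals().add((Principal) () -> "alice");
        setCurrentCaller(alice);

        useJacc = true;
        System.out.println("JACC path:    " + describe(getCurrentCaller()));
        useJacc = false;
        System.out.println("direct path:  " + describe(getCurrentCaller()));

        // Another thread has no binding: the caller does not leak across threads.
        Thread other = new Thread(() -> {
            try { System.out.println("other thread: " + describe(getCurrentCaller())); }
            catch (PolicyContextException e) { throw new IllegalStateException(e); }
        });
        other.start();
        other.join();

        // Request exit: unbind, so a reused thread starts clean.
        clearCurrentCaller();
        System.out.println("after clear:  " + describe(getCurrentCaller()));
    }
}
```

Compile and run it with a JACC API jar on the classpath (for instance the geronimo-jacc spec jar). Both paths return the same Subject because the handler reads the same thread-local the direct path reads; the difference is only the PolicyContext indirection the thread is worried about. Two points worth keeping whichever path is chosen: the permission check stays on the direct read, so bypassing JACC does not bypass the guard, and the binding is removed at request exit, since a pooled thread that keeps a stale Subject would hand the next request someone else's identity. Note that PolicyContext.registerHandler itself requires SecurityPermission("setPolicy") when a SecurityManager is installed, which is why it belongs to the container, not to connector code.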
