geronimo-dev mailing list archives

From Dain Sundstrom
Subject Re: Current caller subject?
Date Thu, 03 Aug 2006 16:55:12 GMT
On Aug 2, 2006, at 11:29 PM, David Jencks wrote:

> On Aug 2, 2006, at 10:53 PM, Dain Sundstrom wrote:
>> I'm working on the Jencks project again and have discovered that
>> the container managed security and pool partition by-subject
>> doesn't work outside of Geronimo since both depend on obtaining
>> the current caller's subject from ContextManager.getCurrentCaller(),
>> which is a Geronimo specific class.
>> Is there a spec defined way we could be getting the current  
>> caller's subject that would reasonably work in most app servers?   
>> I'm hoping there is something in the JACC spec.  If not, I think  
>> we should introduce a hook under these static calls, so we can  
>> redirect them to platform specific APIs when running outside of a  
>> Geronimo server.
> You could use
> (Subject)PolicyContext.getContext("");
> which in geronimo delegates to ContextManager.getCurrentCaller()  
> using a lot of hashmap lookups and security checks.

Based on the response I got from Alan on IRC and this message, I
don't think it would be appropriate to change the connector code to use
the JACC API directly due to the performance problems.  Maybe we can
change the ContextManager methods as follows:

     public static boolean useJacc = true;

     public static Subject getCurrentCaller() throws PolicyContextException {
         if (useJacc) {
             // Portable path: ask the JACC policy context (call as quoted above)
             return (Subject) PolicyContext.getContext("");
         } else {
             // Geronimo path: permission check, then the caller held by ContextManager
             SecurityManager sm = System.getSecurityManager();
             if (sm != null) sm.checkPermission(GET_CONTEXT);

             return (Subject) currentCaller.get();
         }
     }

When running in a Geronimo server we set useJacc to false.

What do you think?
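
One way to build the hook under the static call that this thread discusses, as an added example that is not code from the thread or from Geronimo. `CallerSubjects`, `Resolver`, `install` and the permission name are hypothetical, the handler key is the one the JACC specification defines for the container subject (the archived message does not show a key), and the JACC API is assumed to be on the classpath. The resolver is swapped through a permission-checked, set-once method rather than a public field, so arbitrary code cannot redirect the caller-subject lookup.

```java
import java.security.Permission;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/** Hypothetical facade: one static entry point, platform lookup plugged in underneath. */
public final class CallerSubjects {

    /** Platform-specific lookup of the current caller (hypothetical interface). */
    public interface Resolver {
        Subject currentCaller() throws PolicyContextException;
    }

    // Handler key defined by the JACC specification for the container subject.
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    // Constructed permission name; a deployment would grant it only to container code.
    private static final Permission SET_RESOLVER =
            new RuntimePermission("callerSubjects.setResolver");

    // Portable default: ask JACC. Slower, but available on any compliant server.
    private static final Resolver JACC =
            () -> (Subject) PolicyContext.getContext(SUBJECT_KEY);

    private static final AtomicReference<Resolver> resolver = new AtomicReference<>(JACC);

    private CallerSubjects() {}

    /** Installs a faster platform resolver; allowed once, and only for privileged code. */
    public static void install(Resolver platform) {
        if (platform == null) throw new NullPointerException("platform");
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(SET_RESOLVER);
        // Set-once: a second install fails instead of silently replacing the lookup.
        if (!resolver.compareAndSet(JACC, platform)) {
            throw new IllegalStateException("caller-subject resolver already installed");
        }
    }

    /** Returns the current caller's subject from whichever resolver is active. */
    public static Subject getCurrentCaller() throws PolicyContextException {
        return resolver.get().currentCaller();
    }
}
```

A server with its own fast path would call `CallerSubjects.install(...)` once at startup; everywhere else the JACC default stays in effect.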

