geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jürgen Weber (JIRA) <j...@apache.org>
Subject [jira] Created: (GERONIMO-4765) API for Assumed Identity (run-as) support
Date Sun, 26 Jul 2009 10:35:15 GMT
API for Assumed Identity (run-as) support
-----------------------------------------

                 Key: GERONIMO-4765
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4765
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.2
            Reporter: Jürgen Weber
             Fix For: 2.2


To programmatically change the currently active subject, at the moment you have to use the
following Geronimo-proprietary code:

ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try
{
	// secure code
}
finally
{
	ContextManager.popCallers(oldCallers);
}


(see http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-ts24645453s134.html)


There should be a simpler (less Geronimo-dependend code) API analog to javax.security.auth.Subject.doAs()
(http://java.sun.com/javase/6/docs/api/javax/security/auth/Subject.html#doAs%28javax.security.auth.Subject,%20java.security.PrivilegedExceptionAction%29)

This API itself cannot be used, see http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rsec_jaasauthor.html
http://www.nabble.com/security-propagation-from-JAAS-context-to-EJB-question-ts24091806s134.html


An API for Assumed Identity (run-as) support could be implemented like

	public <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
			throws PrivilegedActionException
	{
		T t = null;

		ContextManager.registerSubject(subject);
		Callers oldCallers = ContextManager.pushNextCaller(subject);
		try
		{
			t = action.run();
		}
		catch (Exception e)
		{
			throw new PrivilegedActionException(e);
		}
		finally
		{
			ContextManager.popCallers(oldCallers);
		}

		return t;
	}

This code could be put into a method of ContextManager or into a new class org.apache.geronimo.security.Security.

This would still create a non-portable dependency to Geronimo in user code.

You would use it like 

LoginContext lc = new LoginContext("geronimo-admin", handler);
lc.login();
Subject subject = lc.getSubject();
String s = doAs(subject, new PrivilegedExceptionAction<String>()
{
	public String run() throws Exception
	{
		return null; // secure code
	}
});

This would be analogous to similar APIs in Weblogic Server or Websphere AS.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message