geronimo-dev mailing list archives

From Jürgen Weber (JIRA) <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4765) API for Assumed Identity (run-as) support
Date Sun, 26 Jul 2009 20:58:14 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735424#action_12735424 ]

Jürgen Weber commented on GERONIMO-4765:
----------------------------------------

As an application developer you are supposed to stick to standards, and for Java security
the standard is JAAS. It has limitations for JEE, hence the extensions by BEA and IBM.
I suggest to include a doas() method to use a similar pattern as WAS and WLS (which both use
an API similar to javax.security.auth.Subject.doAs()) to make it easier to write portable
software, not to provide the "best" security API.

Unfortunately there seems to be no way for a working doAs() without a proprietary extension, but
it should be kept as small as possible.

Going away from JAAS might be another option, but not an option most conservative IT managers
would like. But if you do, you might as well have a look at Apache Shiro.

> API for Assumed Identity (run-as) support
> -----------------------------------------
>
>                 Key: GERONIMO-4765
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4765
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.2
>            Reporter: Jürgen Weber
>             Fix For: 2.2
>
>
> To programmatically change the currently active subject, at the moment you have to use the following Geronimo-proprietary code:
> ContextManager.registerSubject(subject);
> Callers oldCallers = ContextManager.pushNextCaller(subject);
> try
> {
> 	// secure code
> }
> finally
> {
> 	ContextManager.popCallers(oldCallers);
> }
> (see http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-ts24645453s134.html)
> There should be a simpler (less Geronimo-dependent code) API analogous to javax.security.auth.Subject.doAs()
> (http://java.sun.com/javase/6/docs/api/javax/security/auth/Subject.html#doAs%28javax.security.auth.Subject,%20java.security.PrivilegedExceptionAction%29)
> This API itself cannot be used, see http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rsec_jaasauthor.html
> http://www.nabble.com/security-propagation-from-JAAS-context-to-EJB-question-ts24091806s134.html
> An API for Assumed Identity (run-as) support could be implemented like
> 	public <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
> 			throws PrivilegedActionException
> 	{
> 		T t = null;
> 		ContextManager.registerSubject(subject);
> 		Callers oldCallers = ContextManager.pushNextCaller(subject);
> 		try
> 		{
> 			t = action.run();
> 		}
> 		catch (Exception e)
> 		{
> 			throw new PrivilegedActionException(e);
> 		}
> 		finally
> 		{
> 			ContextManager.popCallers(oldCallers);
> 		}
> 		return t;
> 	}
> This code could be put into a method of ContextManager or into a new class org.apache.geronimo.security.Security.
> This would still create a non-portable dependency to Geronimo in user code.
> You would use it like 
> LoginContext lc = new LoginContext("geronimo-admin", handler);
> lc.login();
> Subject subject = lc.getSubject();
> String s = doAs(subject, new PrivilegedExceptionAction<String>()
> {
> 	public String run() throws Exception
> 	{
> 		return null; // secure code
> 	}
> });
> This would be analogous to similar APIs in WebLogic Server or WebSphere AS.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
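
The save-and-restore discipline behind the doAs() proposed in the issue above, as an added example that is not part of the original message and not Geronimo code: a ThreadLocal stands in for the container's caller context, and RunAsDemo, subjectFor() and name() are hypothetical names. It shows the previous caller being restored after a nested run-as call and after an action that throws.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Principal;
import javax.security.auth.Subject;

// Added illustration: a ThreadLocal stands in for the container's caller context.
// RunAsDemo, subjectFor() and name() are hypothetical, not Geronimo API.
public class RunAsDemo {
    private static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

    // Run the action as 'subject'; the previous caller is restored on every exit path.
    static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
            throws PrivilegedActionException {
        if (subject == null) throw new IllegalArgumentException("subject must not be null");
        Subject previous = CURRENT.get();      // saved, like oldCallers in the issue's code
        CURRENT.set(subject);
        try {
            return action.run();
        } catch (Exception e) {
            throw new PrivilegedActionException(e);
        } finally {
            if (previous == null) CURRENT.remove(); else CURRENT.set(previous);
        }
    }

    static Subject subjectFor(String principalName) {   // constructed sample subject
        Subject s = new Subject();
        s.getPrincipals().add((Principal) () -> principalName);
        return s;
    }

    static String name() {                              // name of the active caller, if any
        Subject s = CURRENT.get();
        return s == null ? "<none>" : s.getPrincipals().iterator().next().getName();
    }

    public static void main(String[] args) throws Exception {
        Subject admin = subjectFor("admin"), batch = subjectFor("batch");
        // Nested run-as: the inner identity must unwind back to the outer one.
        String seen = doAs(admin, () -> name() + " > " + doAs(batch, RunAsDemo::name) + " > " + name());
        System.out.println(seen);
        try {
            doAs(admin, () -> { throw new IllegalStateException("action failed"); });
        } catch (PrivilegedActionException e) {
            System.out.println("wrapped: " + e.getException().getMessage());
        }
        System.out.println("after failure: " + name());  // identity left behind by the failed call
    }
}
```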

