geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: NPE in ContextManager.getCurrentContext
Date Tue, 28 Jul 2009 16:48:52 GMT

On Jul 28, 2009, at 4:02 AM, Juergen Weber wrote:

>
> Hi,
>
> I found that if the code between pushNextCaller and popCallers still  
> runs
> with the previous Subject, i.e.
>
> // point A
> Callers oldCallers = ContextManager.pushNextCaller(subject);
> // point B
> System.out.println("getCurrentCaller(): " +
> ContextManager.getCurrentCaller());
> System.out.println("Subject.getSubject: " +
> Subject.getSubject(ContextManager.getCurrentContext()));
> ContextManager.popCallers(oldCallers);
>
> the println() outputs at B give the same Subject as at A, the pushed  
> subject
> is not active until the next called ejb. Being used to the doas()  
> semantics
> this is kind of surprising...
>
> Would it be possible to change the behaviour to get the new Subject
> immediately active?

This stuff is definitely weird and confusing, but is there to support  
run-as semantics.  Run-as is not explained very well in any spec I've  
seen but after long study I think its supposed to work like this:

Start with identity A

call component C1 which is configured with run-as identity B

when you call C1 or ask isUserInRole() in C1 or getUserPrincipal/ 
getCallerPrincipal in C1, the answer is derived from A

If, in C1, you call a further component C2, the permissions for the  
operation you want to do, isUserInRole, getUser/CallerPrincipal in C2  
are all determined from the run-as identity B.

So, ContextManager.push sets up the run-as identity the next component  
to be called will use.

So unless you can convince me my understanding of run-as identities is  
wrong we aren't going to change how the push/pop stuff works.  It  
really isn't intended for use by applications.

On the other hand, if you want to immediately execute under another  
identity you can set both the subjects the context manager tracks  
using setCallers.  Be sure to restore the previous state when you are  
done.

thanks
david jencks

>
> Thanks,
> Juergen
>
>
> Juergen Weber wrote:
>>
>>
>> djencks wrote:
>>>
>>>
>>> Geronimo uses the AccessControlContext for the Subject to evaluate
>>> security decisions.  So, you need to get Geronimo to compute and  
>>> store
>>> this ACC for you.
>>> [..]
>>>
>>
>> Well, the methodname pushNextCaller suggests that it would do that.
>> Anyway, with the code below it works now.
>>
>> This code should be in Geronimo itself, I created GERONIMO-4765.
>>
>> Thanks,
>> J├╝rgen
>>
>>
>>
>> SimpleCallbackHandler handler = new SimpleCallbackHandler(
>> 		user, password.toCharArray());
>>
>> LoginContext lc = new LoginContext("geronimo-admin", handler);
>> lc.login();
>>
>> Subject subject = lc.getSubject();
>> System.out.println("lc.getSubject: " + subject);
>>
>>
>> ContextManager.registerSubject(subject);
>> Callers oldCallers = ContextManager.pushNextCaller(subject);
>> try
>> {
>> 	s1 = secured3Bean.secureMethod(input);
>> }
>> finally
>> {
>> 	ContextManager.popCallers(oldCallers);
>> }
>>
>>
>
> -- 
> View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24697077.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>

Mime
View raw message