I'm trying to run code within JBoss Container under a different authentication by programatically logging in a user like that (stripped exception handling):
LoginContext ctx = ctx =
new LoginContext("MyLoginSchema",
new UsernamePasswordCallbackHandler("newuser", "")
);
ctx.login();
Subject.doAs(ctx.getSubject(), new PrivilegedAction<T>() {
@Override
public T run() {
Subject.getSubject(AccessController.getContext());
InitialContext ic = new InitialContext();
EJBContext sctxLookup = (EJBContext) ic.lookup("java:comp/EJBContext");
Principal principal = sctxLookup.getCallerPrincipal();
}
});
Login of newuser works (Call of LoginModule was successful) but Subject.doAs() doesn't associate the new Subject with the EJBContext. The code in the run()-Method still fetches the old user's principal from EJBContext.
I tested another method of retrieving the logged in user but same behavior here:
Subject caller = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
Any ideas?
Which LoginModule do you use now? In JBoss 6.1 you had to use ClientLoginModule to authenticate in container.
My understanding is this is currently not supported by JBoss AS 7.1. See this thread
Edit
What I wrote here is wrong, the thread only applies to client side login (outside of a JBoss).
来源:https://stackoverflow.com/questions/12779566/login-a-user-programmatically-via-jaas