On Wed, 2004-05-19 at 18:49, Jeanfrancois Arcand wrote:
> > /*This line is in servlet service method*/
> > Subject.doAsPrivileged(subject, new SecuredActions(), null );
> >
>
> Yes, that's probably the problem since SecurityUtil has already set that
> value. The AccessControlContext already has the Subject attached to it.
> You may want to try:
>
> Subject.getSubject(AccessController.getContext());
>

I have checked the SecurityUtil class. If I understand it well, it invokes the servlet service method with doAsPrivileged and the subject cached in the HttpSession. If I check the current Subject with Subject.getSubject(AccessController.getContext()) inside the service method before I call my doAsPrivileged, it returns null. So I use my subject (which I get from the login context with lc.getSubject()) to execute the Subject.doAsPrivileged(subject, new SecuredActions(), null ) protected code, which in turn checks the subject permission.

So I can try to describe the whole situation as I see it: first, the servlet service method is called as doAsPrivileged with a null subject (which is cached in HttpSession), then I invoke doAsPrivileged within the service method with the subject generated in the Login procedure on the SecuredAction class. Here something goes wrong and I can't get what!?

(P.S. This works fine on Tomcat 4.1.30; maybe we should check the SecurityUtil class implementation there?)

Viktor
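
The nesting described in this message can be reproduced outside a container to see which Subject each level reports. This is an added example, not code from the thread or from Tomcat: the class `SubjectNestingDemo`, the `UserPrincipal` type and the principal name are constructed for illustration, and it assumes a JDK 8 to 17 runtime where the `AccessControlContext`-based JAAS calls are still functional. The third probe goes beyond the message and shows that a plain `AccessController.doPrivileged` inside the action no longer sees the Subject.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;

public class SubjectNestingDemo {
    // Constructed principal standing in for what a LoginModule would add.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    // Reports the Subject bound to the current AccessControlContext, if any.
    static String current() {
        Subject s = Subject.getSubject(AccessController.getContext());
        return s == null ? "null" : s.getPrincipals().toString();
    }

    static List<String> probe(final Subject loginSubject) {
        final List<String> seen = new ArrayList<>();
        // Outer call: stands in for a container invoking service() with a null Subject.
        Subject.doAsPrivileged(null, (PrivilegedAction<Void>) () -> {
            seen.add("service(): " + current());
            // Inner call: the application's own doAsPrivileged with the login Subject.
            Subject.doAsPrivileged(loginSubject, (PrivilegedAction<Void>) () -> {
                seen.add("secured action: " + current());
                // A doPrivileged without a context discards the SubjectDomainCombiner.
                AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                    seen.add("after plain doPrivileged: " + current());
                    return null;
                });
                return null;
            }, null);
            return null;
        }, null);
        return seen;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("viktor")); // constructed sample
        for (String line : probe(subject)) System.out.println(line);
    }
}
```

If the permission check runs in code reached through a context-free `doPrivileged`, Principal-based policy grants do not apply there even though the enclosing action was started with the right Subject.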
