Subject would be the key. I overlooked doAs().
JavaEE LoginContext
-
12-07-2023 - |
Question
I am trying to do a manual login in an EJB like the Servlet Request offers.
So far so good. I implemented the CallbackHandler:
public class PasswordCallbackHandler implements CallbackHandler {
private String username;
private char[] password;
public PasswordCallbackHandler(String username, char[] password) {
super();
this.username = username;
this.password = password;
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
if(callbacks == null) {
return;
}
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
NameCallback nc = (NameCallback) callbacks[i];
nc.setName(username);
} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callbacks[i];
pc.setPassword(password);
} else {
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
}
}
}
My Code:
PasswordCallbackHandler handler = new PasswordCallbackHandler("user", "password".toCharArray());
LoginContext context = new LoginContext("realm", handler);
context.login();
The subject shows:
Subject:
Principal: user
Principal: Roles(members:ADMIN,USER)
Principal: CallerPrincipal(members:user)
So the login itself worked. My Question now is what am I doing with it? When I fetch the current principal from the container I still receive anonymous. Tested on JBoss 7.1 and Wildfly.
@Resource
private SessionContext ctx;
Principal callerPrincipal = ctx.getCallerPrincipal();
if(callerPrincipal == null) {
return null;
}
String playerName = callerPrincipal.getName(); // Also after login() it returns anonymous.
So did I misunderstood this functionality? What do I need the subject for? How would I do a login where the container accepts my new user credentials?
When I use the login() from the Servlet API in a Filter it works.
greetings, m
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow