Examples of javax.security.auth.Subject

• javax.security.auth.Subject
  a Principal and credential to the Subject subject.getPrincipals().add(principal); subject.getPublicCredentials().add(credential);

  This {@code Subject} class implements {@code Serializable}. While the Principals associated with the {@code Subject} are serialized,the credentials associated with the {@code Subject} are not.Note that the {@code java.security.Principal} classdoes not implement {@code Serializable}. Therefore all concrete {@code Principal} implementations associated with Subjectsmust implement {@code Serializable}. @see java.security.Principal @see java.security.DomainCombiner

    */
   public Object invoke(Invocation invocation) throws Throwable
   {
    SecurityContext previousSC = null;
      String type = invocation.getType();
      Subject subject = null;
      if (!initialized)
         initialize();
      if (type == Invocation.OP_INVOKE && securityMgr != null)
      {
         String opName = invocation.getName();
         if (opName.equals("invoke"))
         {
            Object[] args = invocation.getArgs();
            org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0];
            // Authenticate the caller based on the security association
            Principal caller = inv.getPrincipal();
            Object credential = inv.getCredential();
            subject = new Subject();
            boolean isValid = securityMgr.isValid(caller, credential, subject);
            if (isValid == false)
            {
               String msg = "Failed to authenticate principal=" + caller + ", securityDomain="
                     + securityMgr.getSecurityDomain();

      TomcatJASPICallbackHandler cbh = new TomcatJASPICallbackHandler();

      ServerAuthenticationManager sam = getServerAuthenticationManager();
      if(sam != null)
      {
         result = sam.isValid(messageInfo, new Subject(), messageLayer, cbh);
      }

      //The Authentication process has been a success. We need to register
      //the principal, username, password with the container
      if(result)

         {
            SecurityRoleRefMetaData meta = (SecurityRoleRefMetaData) it.next();
            securityRoleRefs.add(new SecurityRoleRef(meta.getName(), meta.getLink(),meta.getDescription()));
         }
         //Get the context subject
         Subject contextSubject = null;
         try
         {
            contextSubject = SecurityActions.getContextSubject();
            if(contextSubject == null)
               log.error("Subject is null for isCallerInRole Check with role="+roleName);

         LoginConfig config) throws Exception
   {
      log.debug("ExtendedSecurityMgrRealm:authenticate");
      MessageInfo authParam = new GenericMessageInfo(request, request.getResponse());
      GeneralizedAuthenticationManager gam = getAuthenticationManager();
      Subject clientSubject = new Subject();
      Subject serviceSubject = new Subject();
      Map sharedState = getSharedState(request,config);
      AuthStatus status = AuthStatus.FAILURE;
      while(!status.equals(AuthStatus.SEND_CONTINUE))
      {
         status = gam.validateRequest(authParam, clientSubject, serviceSubject);

   private int getResult(String policyName) throws Exception
   {
      int result = AuthorizationContext.DENY;

      JBossAuthorizationContext aContext = new JBossAuthorizationContext(policyName,
            new Subject(),
            new TestCallbackHandler());
      aContext.setApplicationPolicy(policyConfig.get(policyName));
      try
      {
         result =  aContext.authorize(new Resource()

         // Get the JBoss security manager from the ENC context
         SubjectSecurityManager securityMgr = getSubjectSecurityManager("authenticate(X509Certificate[] certs)");
         if(securityMgr == null)
            return null;

         Subject subject = new Subject();
         principal = certMapping.toPrinicipal(certs);
         if (securityMgr.isValid(principal, certs, subject))
         {
            if (trace)
            {

         SubjectSecurityManager securityMgr = getSubjectSecurityManager("authenticate( digest related)");
         if(securityMgr == null)
            return null;

         principal = new SimplePrincipal(username);
         Subject subject = new Subject();
         if (securityMgr.isValid(principal, digest, subject))
         {
            log.trace("User: " + username + " is authenticated");
            securityDomain = securityMgr.getSecurityDomain();
            SecurityAssociationActions.setPrincipalInfo(principal, digest, subject);

         SubjectSecurityManager securityMgr = getSubjectSecurityManager("authenticate(username,cred)");
         if(securityMgr == null)
            return null;

         principal = new SimplePrincipal(username);
         Subject subject = new Subject();
         if (securityMgr.isValid(principal, credentials, subject))
         {
            log.trace("User: " + username + " is authenticated");
            securityDomain = securityMgr.getSecurityDomain();
            SecurityAssociationActions.setPrincipalInfo(principal, credentials, subject);

      //By default, the authorization framework always returns PERMIT such that the
      //decision of the realm base holds.
      if (baseDecision && !ignoreJBossAuthorization)
      {
         Subject caller = this.establishSubjectContext(request.getPrincipal());

         PolicyRegistration policyRegistration = getPolicyRegistration();

         SecurityContext sc = SecurityAssociationActions.getSecurityContext();
         Map<String, Object> contextMap = new HashMap<String, Object>();

         {
            log.error("Error obtaining helper", e);
         }
         helper.setPolicyRegistration(getPolicyRegistration());
         helper.setEnableAudit(enableAudit);
         Subject callerSubject = SecurityAssociationActions.getSubject();
         if (callerSubject == null)
         {
            //During hasResourcePermission check, catalina calls hasRole. But we have not established
            // a subject yet in the security context. So we will get the subject from the cached principal
            callerSubject = SecurityAssociationActions.getSubjectFromRequestPrincipal(principal);