Bug 46011 - Cannot access to Principal via Subject.getSubject(AccessController.getContext())
Cannot access to Principal via Subject.getSubject(AccessController.getContext())
Status: RESOLVED FIXED
Product: Tomcat 6
Classification: Unclassified
Component: Catalina
6.0.18
PC All
: P2 major (vote)
: default
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2008-10-15 02:56 UTC by tsveg1
Modified: 2008-11-30 15:25 UTC (History)
1 user (show)



Attachments
a patch for the problem (6.53 KB, patch)
2008-10-15 02:57 UTC, tsveg1
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description tsveg1 2008-10-15 02:56:56 UTC
Cannot access to Principal via Subject.getSubject(AccessController.getContext()).

Problem is that in method internalDoFilter of ApplicationFilterChain in call of filter chain the code determinate the Principal but don't use it:

                if( Globals.IS_SECURITY_ENABLED ) {
                    final ServletRequest req = request;
                    final ServletResponse res = response;
                    Principal principal = 
                        ((HttpServletRequest) req).getUserPrincipal();

                    Object[] args = new Object[]{req, res, this};
                    SecurityUtil.doAsPrivilege
                        ("doFilter", filter, classType, args);
                    
                    args = null;
                } else {  

In this manner a SecurityUtil.doAsPrivilege will be called with Principal == null
and method execute create a Subject with no Principals.
Then call a Subject.doAsPrivileged(subject, pea, null);  and this do not propagate Principals. I obtain a Subject without Principals calling Subject.getSubject(AccessController.getContext()).

In attachment we send our solution
Comment 1 tsveg1 2008-10-15 02:57:50 UTC
Created attachment 22731 [details]
a patch for the problem
Comment 2 Mark Thomas 2008-11-05 08:19:58 UTC
many thanks for the patch. This has been committed to trunk and proposed for 6.0.19
Comment 3 Mark Thomas 2008-11-30 15:25:36 UTC
This has been applied to 6.0.x and will be in 6.0.19 onwards. Thanks again for the patch.