0

I am migrating a legacy application from Orion web server to Wildfly. In Orion web server, the security principal is fetched in the following way:

```java
String remoteUser = request.getRemoteUser();
javax.naming.InitialContext initialContext = new javax.naming.InitialContext();
Object rmo = initialContext.lookup("java:comp/RoleManager");
com.evermind.security.RoleManager roleManager = (com.evermind.security.RoleManager) rmo;
if (remoteUser != null) {
    java.security.Principal principal = roleManager.getPrincipal(remoteUser);
}
```

I would like to know an equivalent method to obtain the principal in JBoss/Wildfly.

Please let me know if you need any additional information.

prefetcher

1 Answer

0

If you are using JAAS you can do it through the standard way:

```java
java.security.Principal principal = request.getUserPrincipal();
```

Ernesto Campohermoso
  • Thanks Ernesto. I'll take a look at JAAS. I was looking for a RoleManager class so that I can do something like: `roleManager.createPrincipal(userName, null, clientCertificate);` – prefetcher Apr 30 '15 at 05:08
  • Do you have some error message if you execute your code as is? – Ernesto Campohermoso Apr 30 '15 at 05:12
  • Well, the existing code uses Orion's RoleManager from evermind. I didn't want to add this legacy dependency to JBoss. I was wondering if any role managers are available in JBoss – prefetcher Apr 30 '15 at 05:15
  • Apparently Evermind is a legacy technology. Right? Maybe you want to migrate it to JAAS http://docs.oracle.com/javaee/7/tutorial/partsecurity.htm#GIJRP . Also I recommend checking Apache Shiro http://shiro.apache.org/ if you want to update your security infrastructure. – Ernesto Campohermoso Apr 30 '15 at 05:20
  • Yup. Evermind is legacy. I would still assume that JBoss/Wildfly should be offering something similar in functionality – prefetcher Apr 30 '15 at 06:09
  • Thanks again Ernesto!! Appreciate your inputs – prefetcher Apr 30 '15 at 06:31
  • 2
    >`If you are using JAAS` - Note that the method you demonstrate is from the *Servlet* spec, and it has itself nothing to do with JAAS. "JAAS" is not some umbrella name of the various Java EE security specifications and/or security aspects in a variety of specs. A Servlet container may base its proprietary security somewhat on JAAS, or it may support some kind of bridge to JAAS, but neither of those things is required. – Arjan Tijms Aug 21 '16 at 15:26
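
Added example, not part of the original thread or of any poster's code: a servlet that replaces the Orion `RoleManager` lookup with calls from the Servlet API only, handling the unauthenticated case and reading the client certificate the container exposes. The servlet name, URL pattern and the role name `admin` are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name and URL pattern, chosen for illustration.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    // Hypothetical role name; it must match a role declared for the application.
    private static final String REQUIRED_ROLE = "admin";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Replaces the RoleManager lookup: the container supplies the principal
        // it authenticated for this request, or null if none was authenticated.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Role checks also go through the request, not a vendor role manager.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Standard Servlet attribute holding the client certificate chain when
        // the connection used TLS client authentication; null otherwise.
        X509Certificate[] chain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");

        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("principal: " + principal.getName());
        if (chain != null && chain.length > 0) {
            response.getWriter().println(
                    "client cert subject: " + chain[0].getSubjectX500Principal().getName());
        }
    }
}
```

Because the principal comes from the authenticated request instead of being looked up by a user name string, application code never constructs an identity on its own; which login mechanism populates it is decided by the container's security configuration.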