Our application uses JSF 2.2 and use glassfish 4 as the server. I need to add some object in the login module during authenticate user, so in the web application, the managed bean can retrieve that object.
In the loginModule I did the following (if it is not the case please tell me the right way to do):
_subject.getPublicCredentials().add(someObject);
But how can I retrieve it in ManagedBean. Any help will be much appreciated.
This is part of the JSR-115 specification JavaTM Authorization Contract for Containers. See section 4.6.1.1 Container Subject Policy Context Handler:
4.6.1.1 Container Subject Policy Context Handler
All EJB and Servlet containers must register a PolicyContextHandler whose getContext method returns a javax.security.auth.Subject object when invoked with the key “javax.security.auth.Subject.container”.
In your application, you can retrieve the object through the following commands:
import javax.security.jacc.PolicyContext;
Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
Note: the class should be added in get[Private|Public]Credentials() (with no args). The get[Public|Private]Credentials(Class<T>.class) generates a copy of the content, "filtering" the classes that are instances of the argument, serving only to retrieve saved classes.
Note: Not tested on JBoss, but I think it applies in the same way, based on JBoss Doc.
References: