How do I access JAAS roles at arbitrary point in the code?

Question

I want to access the full model of users with their roles in my SOAP app. For example, I might want to know the role of a user called "Fred."

How do I reach into some sort of global JAAS registry and do (pseudocode) globalRegistry.getUser("Fred").getPrincipals()? (Note that in JAAS, a role is represented by a Principal.)

I know how to get the Principal of the Subject from the LoginContext, but that has two problems.

1. It is only at the moment of login, and I'd prefer not to code the aforementioned registry and store the Subject and Principal objects myself, as they are already stored by the appserver.
2. Preferably, I want to be able to access this information even when Fred is not the current user.

I am using Jetty, but I presume that these behaviors are standard to JAAS.

Answer 1

We use a ThreadLocal variable to reference the current user as has been authenticated at the system entrypoint (a servlet or ejb in our case). This allows 'global' access to the current user. This is not directly tied to JAAS or any other security protocol, but can be initialized from them.

EDIT: The return from the ThreadLocal is the Subject for the current user.

Accessing other users would typically be done via some type of admin module.