Hi,
I'm using a single sign-on product which has successfully passed the user and group information through to our app server (WebLogic 8.1). My custom identity asserter and custom authenticator/login module have combined to set the user as the principal. No problem so far.
Then in my servlet code, I can do a request.getUserPrincipal() and get the user no worries. Also in the servlet, I can retrieve the list of groups which have been passed in a server header variable from the security product. But how do I set these groups (currently they're just strings) as groups which my user belongs to? This would obviously be handy as it would then enable the usual J2EE declarative security to automatically secure resources based on groups.
I don't have access to the subject in the servlet, so I can't do subject.getPrincipals().add(myGroup).
Any ideas how this is supposed to work?
cheers,
Ian