Asserting an un-authenticated principal

Forum|Forum|12 years ago
February 15, 2013
0 replies
0 views

Dominique Sacre
Rocketeer

Problem:

Asserting an un-authenticated principal

Resolution:

Product: BES 5.1
Component: Security

It is possible to take a string representing a userid and create a wallet, bypass the authentication statement below and create a principal to assert the identity:

 IdentityWallet wallet = new IdentityWallet(userName, password.toCharArray(), AUTHENTICATION_REALM); 
 try { 
   Principal userPrincipal = securityContext().authenticate(wallet);
   securityCurrent().assert (userPrincipal); 
 }

Note: import_wallet method will imports an identity into the system. This DOES NOT authenticate the user represented by the given wallet, but returns a principal representing the user.You can make use of the import_wallet method to perform the above described operation. As regarding to the password, it might be advisable to put an empty string instead of null to avoid the NullPointerException. However, the resulted principal object should not have any groups associated with it, you all needed is to cast it to com.borland.security.provider.VisiPrincipal then use the setMultivaluedAttribute method to set the group permissions.

Old KB# 15511

#Security
#BES
#VisiBroker

Problem:

Resolution:

Recent badge winners

Sign up

Please log in or register:

Welcome to the Rocket Forum!

Please log in or register:

Scanning file for viruses.

This file cannot be downloaded