Retrieving Elytron SecurityContext with JNDI

[Mansour Al Akeel]

Hello,

We have spring application, running in wildfly. I am investigating the possibility of using  elytron with spring.

Ultimately I would like to retrieve the securityContext/Security Prinicipal in spring. If this can be done with JNDI then this is a good starting point.

Thank you.

[Diana Krepinska]

Hi Mansour, the security context can be injected with an annotation and you can obtain a principal from it https://jakarta.ee/specifications/security/2.0/apidocs/jakarta/security/enterprise/securitycontext#getCallerPrincipal()

[Mansour Al Akeel]

Hello Diana,

Unfortunately, this did not work. I am not sure what annotations to use. In all cases either of them is injecting nothing, and the reference is null.

@Context and @Inject does not inject anything.

@Resource, is the SecurityContext considered a resource ? In either cases, this was not attainable.

If I can retrieve a reference to Elytron, then I might be able to make it available through Spring. But this did not work.

[Diana Krepinska]

Hi Mansour,

I am not sure about spring, but obtaining of SecurityContext can be seen in wildfly quickstarts, for example: https://github.com/wildfly/quickstart/blob/main/ee-security/src/main/java/org/jboss/as/quickstarts/ee_security/SecuredServlet.java and in elytron-examples: https://github.com/wildfly-security-incubator/elytron-examples . Make sure your app is secured when using these annotations