问题
Good day! Do you explain for me? I have two servers - webseal and websphere 9.0. On websphere I exported ltpa key and enable security application check. On webseal I imported ltpa key. My code:
try {
Subject cs = WSSubject.getCallerSubject();
logger.info("subject: ", cs);
logger.info("subjectPrincipal: ", WSSubject.getCallerPrincipal());
Subject rs = WSSubject.getRunAsSubject();
logger.info("runSubject: ", rs);
Set securityCredentials = rs.getPublicCredentials(WSCredential.class);
WSCredential sc = (WSCredential) securityCredentials.iterator().next();
logger.info("securityCredential.getSecurityName(): ", sc.getSecurityName());
return cs != null;
} catch (Exception e) {
logger.error("Exception: ", e);
throw new SecurityException("Can't authorize subject");
}
In my log:
SecurityService : subject:
SecurityService : subjectPrincipal:
SecurityService : runSubject:
SecurityService : securityCredential.getSecurityName():
What's happened? Why my callerSubject != null, but in my log no more about secure details? Is it correct check of ltpa token?
来源:https://stackoverflow.com/questions/58960099/check-ltpa-token-between-webseal-and-websphere-9-0