API for Assumed Identity (run-as) support

To programmatically change the currently active subject, at the moment you have to use the following Geronimo-proprietary code:

ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try
{
// secure code
}
finally
{
ContextManager.popCallers(oldCallers);
}

(see http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-ts24645453s134.html)

There should be a simpler (less Geronimo-dependend code) API analog to javax.security.auth.Subject.doAs()
(http://java.sun.com/javase/6/docs/api/javax/security/auth/Subject.html#doAs%28javax.security.auth.Subject,%20java.security.PrivilegedExceptionAction%29)

This API itself cannot be used, see http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rsec_jaasauthor.html
http://www.nabble.com/security-propagation-from-JAAS-context-to-EJB-question-ts24091806s134.html

An API for Assumed Identity (run-as) support could be implemented like

public <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action)
throws PrivilegedActionException
{
T t = null;

ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try

{ t = action.run(); }

catch (Exception e)

{ throw new PrivilegedActionException(e); }

finally

{ ContextManager.popCallers(oldCallers); }

return t;
}

This code could be put into a method of ContextManager or into a new class org.apache.geronimo.security.Security.
This would still create a non-portable dependency to Geronimo in user code.

You would use it like

LoginContext lc = new LoginContext("geronimo-admin", handler);
lc.login();
Subject subject = lc.getSubject();
String s = doAs(subject, new PrivilegedExceptionAction<String>()
{
public String run() throws Exception

{ return null; // secure code }

});

This would be analogous to similar APIs in Weblogic Server or Websphere AS.