Dumping the contents of a JAAS Subject

The previous article introduced JAAS. An authenticated calling entity (perhaps a user) has a JAAS Subject, which contains some combination of Principals, Public Credentials, and Private Credentials. Dumping the contents of this Subject can be very helpful for debugging.

WebSphere uses JAAS as the basis of its security subsystem, so a JAAS Subject represents an authenticated user. In WebSphere, however, the J2SE Subject class is replaced with an IBM JAAS Subject, WSSubject, to overcome a limitation of the original Subject. WSSubject is part of the com.ibm.websphere.security.auth package. More information about the WebSphere use of JAAS can be found here. More information about retrieving information from a WebSphere WSSubject can be found here and here.

The following code dumps the information in a JAAS Subject. Because Public and Private Credential objects are implementation dependent, reading the contents of these objects is beyond the ability of this code. It does, however, call toString() on each object. Unless the class overrides toString(), this produces only a class name and an address in heap memory.

    import java.security.Principal;
    import java.util.Iterator;
    import java.util.Set;
    import javax.security.auth.Subject;

    // lc is assumed to be a javax.security.auth.login.LoginContext field
    // on which login() has already succeeded.
    public void dumpSubject()
    {
        Subject subject = lc.getSubject();
        System.out.println("Full dump of JAAS Subject");
        System.out.println("JAAS Subject: " + subject);

        // Principals: the identities attached to the Subject
        Set<Principal> principals = subject.getPrincipals();
        Iterator<Principal> principalsIter = principals.iterator();
        while (principalsIter.hasNext())
        {
            Principal p = principalsIter.next();
            System.out.println("Principal: " + p.getName());
        }

        // Public credentials: implementation-dependent objects
        System.out.println("Public Credentials: ");
        Set<Object> publicCredentials = subject.getPublicCredentials();
        Iterator<Object> publicCredentialsIter = publicCredentials.iterator();
        while (publicCredentialsIter.hasNext())
        {
            Object pc = publicCredentialsIter.next();
            if (pc != null)
            {
                System.out.println("Public Credential Classname: " + pc.getClass().toString());
                System.out.println("Public Credential: " + pc.toString());
            } else {
                System.out.println("Null object");
            }
        }

        // Private credentials: implementation-dependent objects
        System.out.println("Private Credentials: ");
        Set<Object> privateCredentials = subject.getPrivateCredentials();
        Iterator<Object> privateCredentialsIter = privateCredentials.iterator();
        while (privateCredentialsIter.hasNext())
        {
            Object pc = privateCredentialsIter.next();
            if (pc != null)
            {
                System.out.println("Private Credential: " + pc.toString());
            } else {
                System.out.println("Null object");
            }
        }
    }
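
A type-aware variant of the dump above, as an added example that is not code from the original article: it reports class names, array lengths and Destroyable/Refreshable state, and redacts private credential values so a credential class that overrides toString() cannot put a secret into the debug output. The class name SafeSubjectDump, its helper methods and the sample Subject built in main() are assumptions constructed for illustration.

```java
import java.security.Principal;
import javax.security.auth.Destroyable;
import javax.security.auth.Refreshable;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added example (hypothetical class): Subject dump that never prints private credential values.
public class SafeSubjectDump {

    // Describe a credential by type and state; print its value only when it is not secret.
    static String describe(Object c, boolean secret) {
        if (c == null) return "null";
        StringBuilder sb = new StringBuilder(c.getClass().getName());
        if (c instanceof char[]) sb.append(" length=").append(((char[]) c).length);
        if (c instanceof byte[]) sb.append(" length=").append(((byte[]) c).length);
        if (c instanceof Destroyable) sb.append(" destroyed=").append(((Destroyable) c).isDestroyed());
        if (c instanceof Refreshable) sb.append(" current=").append(((Refreshable) c).isCurrent());
        sb.append(secret ? " value=<redacted>" : " value=" + c);
        return sb.toString();
    }

    static String dump(Subject s) {
        StringBuilder out = new StringBuilder("Subject readOnly=" + s.isReadOnly() + "\n");
        for (Principal p : s.getPrincipals())
            out.append("Principal: ").append(p.getClass().getName())
               .append(" ").append(p.getName()).append("\n");
        for (Object c : s.getPublicCredentials())
            out.append("Public Credential: ").append(describe(c, false)).append("\n");
        try {
            // With a SecurityManager installed, reading this set requires
            // PrivateCredentialPermission; report the denial instead of failing the dump.
            for (Object c : s.getPrivateCredentials())
                out.append("Private Credential: ").append(describe(c, true)).append("\n");
        } catch (SecurityException e) {
            out.append("Private Credentials: access denied (").append(e.getMessage()).append(")\n");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample Subject; every value here is made up for the example.
        Subject s = new Subject();
        s.getPrincipals().add(new X500Principal("CN=alice,O=Example"));
        s.getPublicCredentials().add("session-label-1");
        s.getPrivateCredentials().add("hunter2".toCharArray());
        System.out.print(dump(s));
    }
}
```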