Combining Struts and JAAS
fvzv Sep 3, 2003 2:02 PM
Hello,
How can I make use of the credentials data from a JAAS login in the JSP/Struts side of an application?
I successfully implemented a JAAS login. Security on the EJB side behaves as expected (i.e. users in the proper roles can execute EJB methods, others cannot).
But it seems like the web side does not know anything about the JAAS login. Indeed, I wrote the following custom tag that is supposed to process its body only if the user is in any of the specified roles. But it turns out that HttpServletRequest.getUserPrincipal always returns null, while on the EJB side everything is fine.
Does anyone know a good tutorial about the integration of JAAS and Struts with JBoss?
Regards
import java.util.StringTokenizer;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;

import org.apache.log4j.Logger; // assumed: log4j (the post does not show its imports)

// ExTagSupport is the poster's own base class; it is not shown in the post.
public class IfCallerInRoleTag extends ExTagSupport {

    private static final Logger LOGGER = Logger.getLogger(IfCallerInRoleTag.class);

    /** Comma-separated role names from the "roles" attribute; null when none were given. */
    private String roles;

    protected void clearProperties() {
        super.clearProperties();
        this.roles = null;
    }

    public int doStartTag() throws JspException {
        LOGGER.info("[IN] doStartTag()");
        int result;
        HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
        if (isCallerInRole(request)) {
            result = EVAL_BODY_INCLUDE;
        } else {
            result = SKIP_BODY;
        }
        if (LOGGER.isDebugEnabled()) LOGGER.debug("Return Value [" + result + "]");
        LOGGER.info("[OUT] doStartTag()");
        return result;
    }

    public void setRoles(String pRoles) {
        // A StringTokenizer is consumed as it is read, so the role list is kept
        // as a String and tokenized on each call; otherwise a reused (pooled)
        // tag instance would find no tokens left on its second evaluation.
        if (pRoles != null && !"".equals(pRoles.trim())) {
            roles = pRoles;
        } else {
            roles = null;
        }
    }

    private boolean isCallerInRole(HttpServletRequest request) {
        LOGGER.info("[IN] isCallerInRole(HttpServletRequest request)");
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Principal Name [" + request.getUserPrincipal() + "]");
        }
        // No roles attribute: the body is always rendered.
        if (roles == null) return true;
        boolean isCallerInRole = false;
        String token;
        StringTokenizer tokenizer = new StringTokenizer(roles, ",");
        // Stop at the first role the container reports for the caller.
        while (tokenizer.hasMoreTokens() && !isCallerInRole) {
            token = tokenizer.nextToken().trim();
            LOGGER.debug("Role [" + token + "]");
            isCallerInRole = request.isUserInRole(token);
        }
        if (LOGGER.isDebugEnabled()) LOGGER.debug("Is caller in role? [" + isCallerInRole + "]");
        LOGGER.info("[OUT] isCallerInRole(HttpServletRequest request)");
        return isCallerInRole;
    }
}