5 Replies Latest reply on Oct 22, 2003 4:23 PM by ebdr

    How to getRoles() from Session EJB

    ebdr

      Hi,

      I need to get all the current user's roles in an EJB in order to decide return proper data only if the user has rights on it. I cannot use the isUserInRole() method because I don't know the role names. I could get the roles from the datasource (LDAP or Database) but I wanted to avoid this step in order to be independant from the users/roles management.

      Thank you for your help!

      Eric

        • 1. Re: How to getRoles() from Session EJB
          wdrai

          The only way I've found to do this is:

          Subject subject = SecurityAssociation.getSubject();
          Set principals = subject.getPrincipals(java.security.acl.Group.class);
          ..iterate to find the group named 'Roles'
          group.getMembers() then contains a list of Principals which names are the role names.

          It is JBoss-specific but the EJB spec does not provide a standard way for retrieving role names.

          Hope this helps.
          William

          • 2. Re: How to getRoles() from Session EJB

            Yes SecurityAssociation is correct.

            • 3. Re: How to getRoles() from Session EJB
              ebdr

              great thank you very much.....

              Eric

              • 4. Re: How to getRoles() from Session EJB
                ebdr

                Hi,

                It seems that this code is giving me inconsistant results.

                Subject subject = SecurityAssociation.getSubject();
                sometimes returns null or the improper subject. This is a big problem for me since unauthenticated users will sometimes be seen as authenticated.

                I have noticed that if no users have logged in, then no unpredictable results occur. But if, user A (browser on separate machine) logs in, then user B (unauthenticated) will sometimes take on the identity of user A.

                Here is my code (it lives in a stateless session bean):

                public Vector getRoles() {
                Vector roles = new Vector();
                String principal = null;
                if (SecurityAssociation.getPrincipal() == null) {
                principal = this.sessionCtx.getCallerPrincipal().getName();
                } else {
                principal = SecurityAssociation.getPrincipal().getName();
                }
                Subject subject = SecurityAssociation.getSubject();

                if (subject == null) {
                log.debug("subject is NULL for: "+principal);
                roles.add("guest");
                return roles;
                }

                Set principals = subject.getPrincipals(Group.class);

                // iterate to find the group named 'Roles'
                Iterator it = principals.iterator();
                while (it.hasNext()) {
                Group group = (Group) it.next();
                if ("Roles".equals(group.getName())) {
                Enumeration enum = group.members();
                while (enum.hasMoreElements()) {
                Principal role = (Principal) enum.nextElement();
                roles.add(role.getName());
                }
                }
                }

                return roles;
                }

                thank you again for your help.
                Best regards,

                Eric

                • 5. Re: How to getRoles() from Session EJB
                  ebdr

                  found the answer in this thread, thank you very much:
                  http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=