2 Replies Latest reply on Nov 1, 2003 8:30 AM by juha

isUserInRole usage misunderstanding?

nik Oct 24, 2003 3:12 PM

Complete noob here so have some patience...

In login-config.xml I have a required DataBaseServerLoginModule pointing to my datasource, and I have a jboss-web.xml pointing to that app-policy. I am experimenting with a hardcoded
login

try {
String username = "java";
String password = "echoman";
SecurityAssociationHandler handler = new SecurityAssociationHandler();
SimplePrincipal user = new SimplePrincipal(username);
handler.setSecurityInfo(user, password.toCharArray());
LoginContext loginContext = new LoginContext("FooSecurity", (CallbackHandler)handler);
loginContext.login();
Subject subject = loginContext.getSubject();
Set principals = subject.getPrincipals();
principals.add(user);
} catch (LoginException x) {
x.printStackTrace();
}

Everything seems to go just fine (changing the password gives exception so lookup is OK) but request.isUserInRole("in_the_db") still returns false on the next JSP. How does the login info propagate to the request? Automatically? Or should I do something at login time?

Haven't tried any xml-descriptor based authorization yet, I would like to get this thing working first (actually interested in the struts-logic present-role usage but I think it depends on this)

Thanks in advance,
Nik

1. Re: isUserInRole usage misunderstanding?

nik Oct 29, 2003 12:30 AM (in response to nik)

Anyone?

As a summary: if a login succeeds without problems, are there any steps that have to been taken/configured before one can get a positive result from isUserInRole on a JSP page?
Actions
2. Re: isUserInRole usage misunderstanding?

juha Nov 1, 2003 8:30 AM (in response to nik)

Need more info on your custom login procedure, why are you manually adding the user principal to the subject's principal set, what does your handler implementation look like, where are you executing this code from?

-- Juha
Actions

Go to original post