0 Replies Latest reply on Apr 5, 2004 4:30 PM by mdrozd

    JBossSecurityManager question

    mdrozd

      Hi,

      I need to check some permissions inside servlet code.
      My solution was that i looked up "java:comp/env/security/securityMgr"
      and test:
      jsm.doesUserHaveRole(user, role)

      it works for me fine in jboss 3.2.4rc1 with tomcat, but it doesn't in jboss 3.2.4rc1 with jetty. The problem was, that getUserRoles(request.getUserPrincipal()) returns null, but if i checked request.isUserInRole (somerole) was true.

      I have some thoughts on this problem:

      1/ my JbossSecurityMgr "usage pattern" isn't good ;-)
      2/ there are some incopatibilities in current jetty (
      AFAIK last changes touched mainly abstractWebContainer code, but maybe some modifications in realm are also needed)
      3/ jboss realm in jetty doesn't support this type of permission checking at all.

      which one is true ??

      best regards,
      Michal