6 Replies Latest reply on May 28, 2006 9:02 AM by bezdomny

    getting the role name after form login

    bezdomny

      I apologize if this is dumb, but I'm successfully logging in with the DatabaseLoginModule, but now how do I get the name of the role? I want to display the role name on the web page. I know I can get the userid from request.getUserPrincipal().getName() but should I use this and is there something similar for getting the authenticated user's role? Thanks for the help,

      Bob

        • 1. Re: getting the role name after form login
          j2ee_junkie

          Bob,

          It is O.K. to use request.getUserPrincipal to get your userid. However, there is no Java EE standard for getting the user's role. You can ask if the user is in a certain role using request.isUserInRole(). JBoss does offer the ability to get to the authenticated Subject via a JNDI lookup. I think the name is "java:/jaas/your_security_domain/subject", but I am not positive and I can't remember where I read that.

          later, cgriffith

          • 2. Re: getting the role name after form login
            anil.saldhana

            There is a JBoss specific way of doing this.

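            import java.security.Principal;
            import java.util.Iterator;
            import java.util.Set;
            import javax.security.auth.Subject;
            import javax.security.jacc.PolicyContext;
            import org.jboss.security.SimpleGroup;

            //Get the Authenticated Subject (getContext throws PolicyContextException)
            Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");

            //Now look for a Group called Roles
            Set principals = subject.getPrincipals(Principal.class);
            Iterator iter = principals.iterator();
            while(iter.hasNext())
            {
                Principal p = (Principal)iter.next();
                if(p instanceof SimpleGroup)
                {
                    SimpleGroup sg = (SimpleGroup)p;
                    if("Roles".equals(sg.getName()))
                    {
                        //we got the roles
                    }
                }
            }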
            


            The flip side is that this gives all the roles the user belongs to.

            • 3. Re: getting the role name after form login
              bezdomny

              Thanks so much for the replies. I'll try them out asap.

              B

              • 4. Re: getting the role name after form login
                anil.saldhana

                With a recent use of the JBossGenericPrincipal as the holder of the roles, I am unsure if my earlier approach holds good. If JGP is the answer, then you will need a custom valve to get hold of the JGP from the catalina request object.

                • 5. Re: getting the role name after form login
                  bezdomny

                  This code seems to work:

                  private void findRole() throws PolicyContextException {

                      // Get the Authenticated Subject
                      Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");

                      // Now look for a Group called Roles
                      Set principals = subject.getPrincipals(Principal.class);
                      Iterator iter = principals.iterator();
                      while(iter.hasNext()) {
                          Principal p = (Principal)iter.next();
                          if(p instanceof SimpleGroup) {
                              SimpleGroup sg = (SimpleGroup)p;
                              if("Roles".equals(sg.getName())) {
                                  Enumeration en = sg.members();
                                  while(en.hasMoreElements()) {
                                      String role = en.nextElement().toString();
                                      if(role != null) {
                                          setRole(role);
                                      }
                                  }
                              }
                          }
                      }
                  }

                  • 6. Re: getting the role name after form login
                    bezdomny

                    Does anyone think this code is off-base? It seemed to me that the only way to get the role, once the correct group was discovered, was to loop over the Enumeration of members. For me this will be ok since the users of my app won't have multiple roles assigned to them. Unless someone has a better way or there is a problem with this, I'm going to use it for now. Thanks again for the replies and help.

                    B
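
An added example (not code from the thread or from JBoss) that generalizes the loop in reply 5 to users holding several roles: it returns every member of the "Roles" group and an empty set when there is no authenticated Subject, which suits display, while access decisions can stay with request.isUserInRole(). `RoleGroup` is a constructed stand-in for org.jboss.security.SimpleGroup so the block runs on a plain JDK, and `SubjectRoles` and `rolesOf` are hypothetical names.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class SubjectRoles {

    // Constructed stand-in for org.jboss.security.SimpleGroup (assumption) so the
    // example runs without JBoss; inside JBoss, look for SimpleGroup instead.
    static final class RoleGroup implements Principal {
        private final String name;
        private final List<Principal> members = new ArrayList<>();
        RoleGroup(String name) { this.name = name; }
        void addMember(Principal p) { members.add(p); }
        Enumeration<Principal> members() { return Collections.enumeration(members); }
        @Override public String getName() { return name; }
    }

    // Returns every role name in the "Roles" group, sorted. The result is empty
    // when the Subject is null (no authenticated caller) or has no such group.
    static SortedSet<String> rolesOf(Subject subject) {
        SortedSet<String> roles = new TreeSet<>();
        if (subject == null) {
            return roles;
        }
        for (RoleGroup group : subject.getPrincipals(RoleGroup.class)) {
            if (!"Roles".equals(group.getName())) {
                continue; // groups with other names do not hold roles
            }
            Enumeration<Principal> en = group.members();
            while (en.hasMoreElements()) {
                roles.add(en.nextElement().getName());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample Subject: one user holding two roles.
        RoleGroup rolesGroup = new RoleGroup("Roles");
        rolesGroup.addMember(() -> "admin");
        rolesGroup.addMember(() -> "auditor");
        Subject subject = new Subject();
        subject.getPrincipals().add(() -> "bob");
        subject.getPrincipals().add(rolesGroup);

        System.out.println(rolesOf(subject));
        System.out.println(rolesOf(null));
    }
}
```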