0 Replies Latest reply on Jun 5, 2006 8:01 AM by lost_traveller

    Custom Security - RealmMapping.doesUserHaveRole() has null p

    lost_traveller

      After looking through various tutorials and documentation, I am still lost.

      I'm trying to implement custom authentication and authorization. I have created a RealmMapping, but it is being passed a null Principal in realmMapping.doesUserHaveRole(principal, methodRoles). Any ideas why this would be? What am I missing?

      This is the code I am using:

      public class MySecurityManager extends JaasSecurityManager
      {
          ...
          public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
          {
              MySecurityInterface mySec = MySecurityFactory.getMySecurity();

              if (rolePrincipals != null)
              {
                  for (Iterator iter = rolePrincipals.iterator(); iter.hasNext();)
                  {
                      Principal role = (Principal) iter.next();

                      // custom security code to check if the user has the required role
                      if (mySec.isUserInRole(principal, role.getName()))
                      {
                          return true;
                      }
                  }
              }
              return false;
          }
      }
      


      Also, I need to check whether a user has a specific role to access an EJB method at runtime (i.e. when each EJB method is called), as the roles a user has can change from minute to minute whilst they are logged in. Is using a RealmMapping (i.e. the code above) the correct way of achieving this?
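
A fail-closed variant of the check in the post above, as an added example that is not part of the original post and not JBoss code: it denies a null Principal instead of passing it on, and looks roles up on every call so a revocation takes effect on the next method invocation. `LiveRoleCheck` and its in-memory role map are hypothetical stand-ins for the poster's `MySecurityInterface`; the sample user and role are constructed.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class LiveRoleCheck {
    /** Hypothetical live role store (assumption), standing in for MySecurityInterface. */
    private final Map<String, Set<String>> rolesByUser = new ConcurrentHashMap<>();

    public void grant(String user, String role) {
        rolesByUser.computeIfAbsent(user, u -> ConcurrentHashMap.newKeySet()).add(role);
    }

    public void revoke(String user, String role) {
        Set<String> roles = rolesByUser.get(user);
        if (roles != null) roles.remove(role);
    }

    /** Same shape as the post's doesUserHaveRole; nothing is cached between calls. */
    public boolean doesUserHaveRole(Principal principal, Set<? extends Principal> rolePrincipals) {
        // Fail closed: no caller identity or no required roles means no access.
        if (principal == null || principal.getName() == null
                || rolePrincipals == null || rolePrincipals.isEmpty()) {
            return false;
        }
        // Read the caller's roles at call time so changes apply immediately.
        Set<String> current = rolesByUser.getOrDefault(principal.getName(), Collections.emptySet());
        for (Principal role : rolePrincipals) {
            if (role != null && role.getName() != null && current.contains(role.getName())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        LiveRoleCheck check = new LiveRoleCheck();
        Principal alice = () -> "alice";            // constructed sample caller
        Set<Principal> required = new HashSet<>();
        required.add(() -> "manager");              // constructed sample method role

        check.grant("alice", "manager");
        System.out.println(check.doesUserHaveRole(alice, required)); // role currently granted
        check.revoke("alice", "manager");
        System.out.println(check.doesUserHaveRole(alice, required)); // same session, after revocation
        System.out.println(check.doesUserHaveRole(null, required));  // call with no Principal
    }
}
```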