4 Replies Latest reply on Jun 21, 2005 3:55 AM by asv

Security in Portal

asv Jun 20, 2005 4:18 AM

JBoss Portal uses own security mechanism. I need a portable application.

I have tried to use PortlaRequest.isUserInRole() But it doesn't work.
Will this method work in release of JBoss Portal? May I'm doing something wrong...

I'm using RC3.

1. Re: Security in Portal

roy.russo Jun 20, 2005 12:38 PM (in response to asv)
Describe what is "it doesnt work". Are you doing something like:

String role = req.getParameter("role"); if (req.isUserInRole(role)) { // blah }
Actions

2. Re: Security in Portal

asv Jun 21, 2005 2:40 AM (in response to asv)

public void doView(RenderRequest pRequest, RenderResponse pResponse) throws PortletException, IOException {
 PortletContext context = getPortletContext();
 PortletRequestDispatcher rd = context.getRequestDispatcher(HELLO_TEMPLATE);

 pRequest.setAttribute("UserName", pRequest.getRemoteUser());
 pRequest.setAttribute("IsUserInAdminRole", String.valueOf(pRequest.isUserInRole("Administrators")));
 pRequest.setAttribute("IsUserInRole", String.valueOf(pRequest.isUserInRole("ByBusinessRole")));

 rd.include(pRequest, pResponse);
 }

IsUserInAdminRole and IsUserInRole are FALSE for admin and for user which is in ByBusinessRole

3. Re: Security in Portal

asv Jun 21, 2005 3:53 AM (in response to asv)

I've found topic http://www.jboss.com/index.html?module=bb&op=viewtopic&t=61109

No, isUserInRole is JSR168 compliant,if it returns always false, it could be a bug, we are not using that feature, we will look at it.

it is a big in the tomcat/jboss integration.

it has been fixed in jboss-4.0.2beta (not out yet but soon). I have had not tested it yet personnally.

Have you fixed the problem?
Actions
4. Re: Security in Portal

asv Jun 21, 2005 3:55 AM (in response to asv)

Is there another way to acess user profile and to get users role?
Actions

Go to original post