-
1. Re: Roles and LoginModule
julien1 Jul 25, 2005 6:37 PM (in response to patrickdalla)great to hear that, that's a very good news, can you contribute it to the codebase ?
where do you have that issue ? is it with isUserInRole(String roleName) ? -
2. Re: Roles and LoginModule
patrickdalla Jul 26, 2005 11:05 AM (in response to patrickdalla)Well,
when I use<%=request.isUserInRole("Authenticated")%>
it returns false.
when I execute the code<% InitialContext iniCtx = new InitialContext(); // do we need the 'java:comp/env' prefix ? TODO Context securityCtx =(Context) iniCtx.lookup("java:comp/env/security"); JaasSecurityManager authMgr = (JaasSecurityManager) securityCtx.lookup("securityMgr"); if(authMgr!=null){ %> <%=authMgr.getSecurityDomain()%><br> <% Iterator i = authMgr.getUserRoles(request.getUserPrincipal()).iterator(); while(i.hasNext()){ Principal p = (Principal) i.next(); %><%=p.getName()%><br><% } } %>
All the groups of the user in the Active Directory are displayed.
What can be the problem. Is isUserInRole the correct function to use?
Abaout the code I can send to you. But I'm still working on it and it is not so parameterized yet.
How can I send it to you? -
3. Re: Roles and LoginModule
patrickdalla Jul 26, 2005 11:06 AM (in response to patrickdalla)Just to complement the previous message, there is an Authenticated group in AD and the user I log is member of this group.
-
4. Re: Roles and LoginModule
julien1 Jul 26, 2005 4:56 PM (in response to patrickdalla)send it to my email so I can look at the mysterious ldap (russo style : julien AT jboss DOT org)
-
5. Re: Roles and LoginModule
julien1 Jul 26, 2005 5:00 PM (in response to patrickdalla)if you test that from a portlet you need to :
1/ put the role in portlet.xml where your portlet access it<security-role-ref> <role-name>Authenticated</role-name> </security-role-ref>
2/ have your jaas Subject have a group called "Roles" that contains a principal called "Authenticated"
you can look at the TestPortlet in branch 2.0 which does that -
6. Re: Roles and LoginModule
patrickdalla Aug 10, 2005 11:51 AM (in response to patrickdalla)I have done both and it continues not to work.
-
7. Re: Roles and LoginModule
patrickdalla Aug 10, 2005 1:30 PM (in response to patrickdalla)As I've seen in org.jboss.portal.portlet.impl.PortletRequestImpl code, a call to isUserInRole("rolename") will return true only if the role is mapped in portlet.xml <security-role-ref>.
But my portlet security needs to be more dynamic. Roles are created and configured online and the portlet need to know his membership without any change in portlet.xml.
How can I do this? -
8. Re: Roles and LoginModule
julien1 Aug 10, 2005 2:26 PM (in response to patrickdalla)that feature could be added in the specific deployment descriptor of jboss saying that if nothing is found in portlet.xml then delegate directly to req.isUserInRole() of the servlet request.
-
9. Re: Roles and LoginModule
patrickdalla Aug 10, 2005 2:40 PM (in response to patrickdalla)in which specific deployment descriptor??
-
10. Re: Roles and LoginModule
patrickdalla Aug 11, 2005 10:11 AM (in response to patrickdalla)How I configure this feature???
-
11. Re: Roles and LoginModule
hkuegel Aug 12, 2005 9:55 AM (in response to patrickdalla)Hi,
I use the JBOSS LdapLoginModule and have the same problem (authentication works, but no roles). I also added the security-role-ref in portlet.xml.
If i use the LdapLoginModule in a plain web application everything works fine, so i guess it's a JBoss Portal problem.
Please let me know if you have a solution.
thanks,
Harald -
12. Re: Roles and LoginModule
antoine_h Apr 17, 2007 5:30 AM (in response to patrickdalla)could be a way for the workaround of this need, in :
http://jboss.org/index.html?module=bb&op=viewtopic&p=4037894#4037894
what are the classes/services involved in this ?
either the portlet instanciation from the descriptor ?
or where to change things to adapt the behavior of "isUserInRole" method ?
Thank you.