-
1. Re: isUserInRole(String role) doesn't work
julien1 Oct 21, 2005 5:26 AM (in response to xgj6688)
yes, you need to put the role name in the portlet section of the portlet.xml deployment descriptor
-
2. Re: isUserInRole(String role) doesn't work
patrickdalla Oct 21, 2005 10:58 AM (in response to xgj6688)
Well, Julien is correct.
But I think this behavior is not the best behavior.
Roles and role membership can be created after the portlet is deployed, and sometimes the portlet needs to know of the existence of these changes without a change in its configuration and a redeploy.
It would be nice to change this behavior in next releases.
I had to change JBoss portal code and recompile to change this behavior.
-
3. Re: isUserInRole(String role) doesn't work
julien1 Oct 22, 2005 6:13 PM (in response to xgj6688)
this is what the spec says though ....
-
4. Re: isUserInRole(String role) doesn't work
xgj6688 Oct 24, 2005 3:06 AM (in response to xgj6688)
Thanks Julien and Patrick, your replies really make my understanding clearer.
-
5. Re: isUserInRole(String role) doesn't work
antoine_h Apr 17, 2007 5:23 AM (in response to xgj6688)
Hello,
an old topic, but I still have the same need.
the spec is nice.
--------------------------------------------------------------------------
it allows that the portlet knows what features it provides, and what its portlet-roles are needed for those.
then the portlet declaration allows to map the application roles (user roles) to these features specific roles.
example :
Portlet has two features :
delete some record, with role authorization PRoleA
create a business process, with role authorization PRoleB
all other features are allowed to PRoleC
then, mapping of role allow to set, for use of this portlet in any application (portal), to map the users roles to these three "portlet features roles".
As : URole_Admin to PRoleA, PRoleB, PRoleC
URole_BP_Manager to PRoleB, PRoleC
URole_Editor to PRoleA, PRoleC
and so on...
Advantages :
Decouple of roles, between "portlet features roles" and application user roles,
Allow to provide a portlet to "others" without knowing the user roles in the application/portal.
nice.
--------------------------------------------------------------------------
but, it is quite heavy to manage. It forces to declare explicitly all roles that must be available inside the portlet.
Use Case
--------------------------------------------------------------------------
20 to 30 roles
15 to 30 portlets
to manage either :
- internal users features (admin, manager, editor, data validator, hotliner for user),
- and external user features (visitor, logged user of customer type A, logged manager of customer type A, ... for customer type B and C).
and in the situation where portlets are dedicated to this application : ie, there is identity between portlet features roles and application user roles.
Example : they are developed specifically for this application.
--------------------------------------------------------------------------
Then, the decoupling is a heavy overhead.
The descriptors become a huge XML file of repeating the associations of roles, always the same. (30 portlets x 30 role-ref items !).
Maintenance and evolution is heavy, and bug generating.
Proposition :
--------------------------------------------------------------------------
To allow to define identity of role, for a bunch of them.
Using a regular expression, or at least wildcards.
<security-role-ref>
  <role-name>*</role-name>
  <role-link>*</role-link>
</security-role-ref>
--------------------------------------------------------------------------
This would lighten the constraint to declare all explicitly, with preserving the nice decoupling capability (for commercial portlets, etc...).
Questions 1 :
How to send this request to the spec definition group ?
Questions 2 :
How to workaround this for the time being ?
What class is responsible for reading the descriptor and set the role visible in the portlets ?
To overload it, knowing it is not JSR-168 compliant...
Thanks,
-
6. Re: isUserInRole(String role) doesn't work
julien1 Apr 18, 2007 3:06 PM (in response to xgj6688)
I think that the real issue needs to be addressed at the Servlet Spec level.
The portlet container itself is just delegating to the servlet request the isUserInRole(String roleName) method.
The only issue today I see with portlet container is that if the role is never specified in the portlet.xml then the portlet container will not make an access to the isUserInRole(String roleName) of the HttpServletRequest object provided at runtime.
-
7. Re: isUserInRole(String role) doesn't work
julien1 Apr 18, 2007 3:07 PM (in response to xgj6688)
Here is the implementation of isUserInRole(String roleName) :

    public boolean isUserInRole(String roleName)
    {
       // Get the map role name to role link
       Map securityRoleRefsMap = ((PortletContainerImpl)((ContainerPortletInfo)(PortletInfo)invocation.getAttribute(PortletInvocation.INVOCATION_SCOPE, PortletContainerInvoker.PORTLET_CONTAINER_INFO)).getContainer()).getSecurityRoleRefsMap();

       // Process the role link
       String roleLink = (String)securityRoleRefsMap.get(roleName);
       if (roleLink == null)
       {
          if (securityRoleRefsMap.containsKey(roleName))
          {
             // The role name exist without a role link value
             return securityContext.isUserInRole(roleName);
          }
          else
          {
             // No role name is defined
             return false;
          }
       }
       else
       {
          // We have the role link value
          return securityContext.isUserInRole(roleLink);
       }
    }
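
Added example, not part of the thread and not JBoss Portal code: a stand-alone Java model of the three-way decision in the method posted above, next to a hypothetical lookup that honours the `*` to `*` identity entry proposed in post 5. The role sets are constructed (PRoleA, PRoleB and the URole_ names follow post 5; URole_Audit is made up), and USER_ROLES stands in for the servlet container's answer.

```java
import java.util.*;

public class RoleRefDemo {
    // Stand-in for the servlet container's isUserInRole: roles the user actually holds (constructed).
    static final Set<String> USER_ROLES = Set.of("URole_Editor", "URole_Audit");

    // Constructed security-role-ref entries: role-name -> role-link (null when no role-link is given).
    static Map<String, String> roleRefs() {
        Map<String, String> m = new HashMap<>();
        m.put("PRoleA", "URole_Editor");       // declared with a role-link the user holds
        m.put("PRoleB", "URole_BP_Manager");   // declared with a role-link the user lacks
        m.put("URole_Editor", null);           // declared without a role-link
        return m;
    }

    // Same three-way decision as the posted method.
    static boolean specLookup(Map<String, String> refs, String roleName) {
        if (!refs.containsKey(roleName)) {
            return false;                      // undeclared: the container is never asked
        }
        String link = refs.get(roleName);
        return USER_ROLES.contains(link != null ? link : roleName);
    }

    // Hypothetical variant: a "*" -> "*" entry lets undeclared names fall through unchanged.
    static boolean wildcardLookup(Map<String, String> refs, String roleName) {
        if (refs.containsKey(roleName)) {
            return specLookup(refs, roleName); // explicit entries keep their meaning
        }
        return "*".equals(refs.get("*")) && USER_ROLES.contains(roleName);
    }

    public static void main(String[] args) {
        Map<String, String> refs = roleRefs();
        for (String r : List.of("PRoleA", "PRoleB", "URole_Editor", "URole_Audit")) {
            System.out.println(r + " spec=" + specLookup(refs, r));
        }
        refs.put("*", "*");                    // the identity entry proposed in post 5
        System.out.println("URole_Audit wildcard=" + wildcardLookup(refs, "URole_Audit"));
    }
}
```

With the posted logic an undeclared name is denied even when the user holds that role; the wildcard variant passes every undeclared name to the container check, so the portlet descriptor no longer limits which roles the portlet can test.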
-
8. Re: isUserInRole(String role) doesn't work
chennaikar Aug 28, 2007 6:37 PM (in response to xgj6688)
I know that this question has been answered many times, but I can't seem to make it work so please help me.
I read PLT.20.3
I have updated portlet.xml and added my role
<security-role-ref>
  <role-name>myrole</role-name>
  <role-link>myrole</role-link>
</security-role-ref>
I have updated web.xml and added my role
<security-role>
  <role-name>myrole</role-name>
</security-role>
I have entered the value in the jbp_roles table
Since I am logging in against LDAP I am sure I am getting the role in the profile.
Yet I do not get isUserInRole("myrole") == true
Is there something I am missing?