2 Replies Latest reply on Jan 27, 2006 6:11 AM by xmaniac

    JBossRenderRequest.isUserInRole() bugged?

    mvoopentext

      Using the current unmodified portal 2.2RC1( bundled with jboss ) the call JBossRenderRequest.isUserInRole("Admin") fails, although i am logged in with the default admin account.

      I expected that call to return true!?

        • 1. Re: JBossRenderRequest.isUserInRole() bugged?

          we expect you respect the spec in return.

          your role must be declared in portlet.xml in the security constraint section.

          • 2. Re: JBossRenderRequest.isUserInRole() bugged?
            xmaniac

            I have a similar problem. I'm developing a JSR 168 portlet so I just want to use standard libraries / methods.

            I've tried to get the role of the user to no avail yet.

            1) Via portlet.xml and userinfo won't work
            <user-attribute>
            user.role
            </user-attribute>

            2) Via request.isUserInRole("Editor") always false
            2.1) If I add (to web.xml)
            <security-constraint>
            <display-name>Restrict access Edit / Admin JSP pages</display-name>
            <web-resource-collection>
            <web-resource-name>Restrict access to JSP pages</web-resource-name>
            <url-pattern>/jsp/NewEdit.jsp</url-pattern>
            </web-resource-collection>
            <auth-constraint>
            <role-name>Editor</role-name>
            </auth-constraint>
            </security-constraint>
            <security-role>
            <role-name>Editor</role-name>
            </security-role>

            I get more of the same.

            So I'm stuck. Any help getting the role list?

            XMaNIaC
            ======