-
1. Re: Change a user role dynamically
theute Apr 4, 2006 8:45 AM (in response to merlith)I can't reproduce it.
Why i did from a fresh install:
- logged in as "admin"
- added the Admin role to the user "user"
- logged out
- logged in as "user"
-> i have the "Admin" privileges since i can access the management pages.
You are the second one to report that problem, but i cannot reproduce it :( -
2. Re: Change a user role dynamically
danny_hon Apr 5, 2006 2:27 PM (in response to merlith)Consider me the third person. I have the same problem.
-
3. Re: Change a user role dynamically
starksm64 Apr 5, 2006 2:39 PM (in response to merlith)Post details of how to reproduce it please.
-
4. Re: Change a user role dynamically
danny_hon Apr 5, 2006 4:57 PM (in response to merlith)I thought it was specific to our portal. Then I tried to use the default portal, it has the same effect. To reproduce it:
1. Login as "user" from a new browser.
2. Login as "admin" from a new browser, and grant "user" administrators rights.
3. Login as "user" again from a new browser. It still have no access to administrators page.
It does not matter whether I do logout or not. -
5. Re: Change a user role dynamically
cpage Apr 5, 2006 5:11 PM (in response to merlith)i tried to explain it last week in this post :
http://jboss.org/index.html?module=bb&op=viewtopic&t=80165
but my english is quite bad, so :p
i had the same problem.
easy way to reproduce it:
add a portlet with a security contraint, and a role like "myrole"
connect as admin.
add role "myrole" to admin user, and try to see the new added portlet without disconnect. -
6. Re: Change a user role dynamically
kerekesb Apr 7, 2006 4:25 AM (in response to merlith)I have the same problem. JBoss AS 4.0.3SP1 and JBoss Portal 2.2.1RC3.
-
7. Re: Change a user role dynamically
theute Apr 7, 2006 5:05 AM (in response to merlith)Please fill a Jira task.
-
8. Re: Change a user role dynamically
danny_hon Apr 10, 2006 2:08 PM (in response to merlith)Jira created:
http://jira.jboss.com/jira/browse/JBPORTAL-818 -
9. Re: Change a user role dynamically
cpage Apr 10, 2006 3:17 PM (in response to merlith)there are two problems in fact.
first, the role are changed with the role module but the jaas subject is not affected, so the roles will not be change until the user will reconnect.
second, logout didn't work, so the user don't see the changes until his session goes down and he has to reconnect.
If you modify the portlet to change the role in the simplegroup "roles" of the jaas subject, it works. -
10. Re: Change a user role dynamically
merlith Apr 11, 2006 4:47 AM (in response to merlith)"cpage" wrote:
there are two problems in fact.
If you modify the portlet to change the role in the simplegroup "roles" of the jaas subject, it works.
Did you modified it? So, where should we change the portlet?
regards
MB -
11. Re: Change a user role dynamically
danny_hon Apr 12, 2006 5:00 PM (in response to merlith)I don't understand what you meant. Can you please elaborate?
-
12. Re: Change a user role dynamically
merlith Apr 13, 2006 5:18 AM (in response to merlith)cpage wrote: "If you modify the portlet to change the role in the simplegroup "roles" of the jaas subject, it works. "
So i want to know when the roles might be changed dynamically, because now if i change a role for a user, the user has old role as soon as I restart JBoss.
Is it posible without changing source code? Is it a bug?
P.S. Maybe it depend of hibernate cache?
regards
MB -
13. Re: Change a user role dynamically
cpage Apr 13, 2006 7:48 AM (in response to merlith)I have made a preference portlet where an user can change his context.(
a context is a set of role)
I get the Jaas subject and modify his simplegroup "roles"Subject sub = (Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
if the SimpleGroup sg, contains the "roles" group, i have for example :Principal p = new SimplePrincipal("newRole"); sg.addMember(p);
after that, the user can see all the portlets (or page or what you want) with "newRole" security constraint.
in the user portlet or role portlet, the Rolemodule and the UserModule update the DB, but i don't saw in the code that they update the Subject too.
hope this help ! -
14. Re: Change a user role dynamically
merlith Apr 14, 2006 3:55 AM (in response to merlith)sg is a Set class and Subject? Could u send a full package name?
reg.
MB