Hi,

I am trying to understand how user roles work within GateIn and how they apply to isUserInRole. From my understanding so far the GateIn security model definable under 'user and groups management' sits on top of JAAS and standard JEE authentication. I am just a loss at how the two connect together and how isUserInRole fits into this picture.

I am trying to achieve functionality within a portlet that provides a different edit page based on who the user is. If the user has edit rights over the page the portlet is on (effectively an administrator) I would like the user to see page a otherwise I would like the users to see page b. My attempts so far have lead me to the following (I am using a standard deployment of GateIn with the standard users - for my tests I am loging in with the root user):

Portlet.xml

        <security-role-ref>
            <role-name>Admin</role-name>
        </security-role-ref>

        <security-role-ref>
            <role-name>Users</role-name>
        </security-role-ref>

Then in doEdit  prioir to passing off to the dispatcher I request:

if(request.isUserInRole("Admin"))

This call always returns false regardless of if I change the call to Users. Could anyone please advise where I am going wrong?