3 Replies Latest reply on Jun 2, 2011 12:03 PM by m_m

    GateIn 3.1 JAAS Role issue

    m_m

      Hi All,

       

      I am in the middle of implementing a Login Module for GateIn. My gatein-jboss-beans.xml file looks like this:

       


      <login-module code="my.organization.gateInSecurityModule.login.SSOLoginModule" flag="required">
      </login-module>
      <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>

       

      The SSOLoginModule class is a customized version of the class from the sso-agent component from JBoss. So in this class I create the identity object as in the original and save it to the sharedState. Note that I also attach the roles to the identity object.

       

      (...)
      identity.setRoles(roles);
      (...)
      sharedState.put("exo.security.identity", identity);
      sharedState.put("javax.security.auth.login.name", username);

       

      From what I have gathered, the JbossLoginModule uses identity.getRoles() to populate the subject.

       

       

      Set<Principal> principals = subject.getPrincipals();
      Group roleGroup = new JAASGroup(JAASGroup.ROLES);
      for (String role : identity.getRoles()) {
           System.out.println("===== attaching role : " + role);
           roleGroup.addMember(new RolePrincipal(role));
           principals.add(new RolePrincipal(role));
      }
      principals.add(roleGroup);
      principals.add(new UserPrincipal(identity.getUserId()));

       

      So in theory, all went well - the for loop iterates through all the roles I want it to iterate (around 20). However, when I want to check whether a user is a member of a specific role, it always fails (even when the role was added to roleGroup). I am checking in a portlet.

       

      I try to use

       

      rich:isUserInRole in JSF

       

      and

       

      request.isUserInRole(role)

       

      Why are the user roles not available for checking?

       

      Thanks

      M