3 Replies Latest reply on Jun 20, 2012 6:16 AM by i10

    isCallerInRole(...) returns wrong result

    i10

      A query to isCallerInRole("VIP") returns the following results:

      User   Roles          Expected Result   Effective Result
      tom    Customer       false             false
      sam    Customer, VIP  true              false
      mike   VIP            true              true

      In JBoss 4, 5 and 6 the query works fine. With JBoss 7 the result for user sam is false instead of true.

        • 1. Re: isCallerInRole(...) returns wrong result
          sguilhen

          Could you please provide more information about the security configuration for you application? I'm particularly interested in the security domain config with its login modules.

          • 2. Re: isCallerInRole(...) returns wrong result
            i10

            I'm using the predefined security domain other and added the users with the JBOSS_HOME/add_user.bat script to the ApplicationRealm.

            standalone-full.xml snippet:

            <subsystem xmlns="urn:jboss:domain:security:1.1">
                <security-domains>
                    <security-domain name="other" cache-type="default">
                        <authentication>
                            <login-module code="Remoting" flag="optional">
                                <module-option name="password-stacking" value="useFirstPass"/>
                            </login-module>
                            <login-module code="RealmUsersRoles" flag="required">
                                <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                                <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                                <module-option name="realm" value="ApplicationRealm"/>
                                <module-option name="password-stacking" value="useFirstPass"/>
                                <module-option name="unauthenticatedIdentity" value="guest"/>
                            </login-module>
                        </authentication>
                    </security-domain>
                </security-domains>
            </subsystem>

            Servlet snippet:

            import javax.servlet.annotation.HttpConstraint;
            import javax.servlet.annotation.ServletSecurity;
            import javax.servlet.http.HttpServlet;

            // Only callers holding the Customer or VIP role may reach this servlet.
            @ServletSecurity(@HttpConstraint(rolesAllowed = {"Customer", "VIP"}))
            public class LoginServlet extends HttpServlet {
                // request handling omitted in the original snippet
            }

            • 3. Re: isCallerInRole(...) returns wrong result
              i10

              Problem solved.


              When adding the roles of the user sam, I added a blank after the first role like this "Customer, VIP", which led to the described problem.

              The roles must be added (with the add_user.bat/sh) without any blanks, i.e. like this "Customer,VIP". This way, isCallerInRole() works fine.
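The failure mode in this thread, as an added example that is not part of the original posts and is not JBoss's own RealmUsersRoles code: a simplified model of a user=role1,role2 properties file shows how a blank after the comma turns the role "VIP" into " VIP", which an exact-match check like isCallerInRole("VIP") never matches, and a small lint function that flags such entries in a roles file before deployment. The file content, the parse_roles/is_caller_in_role/find_whitespace_roles functions and the strip option are all constructed for illustration.

```python
# Added example (not from the thread or from JBoss): models a roles properties
# file of the form user=role1,role2 and shows why "Customer, VIP" breaks an
# exact role check while "Customer,VIP" works. The parser below is a
# simplified illustration, not the RealmUsersRoles login module.

# Constructed sample content of an application-roles.properties file.
SAMPLE_ROLES_FILE = """\
# application-roles.properties (constructed sample)
tom=Customer
sam=Customer, VIP
mike=VIP
"""


def parse_roles(text, strip=False):
    """Return {user: [roles]} from 'user=role1,role2' lines.

    strip=False keeps whatever whitespace sits inside a role name, which is
    the behaviour that produced the wrong result in the thread;
    strip=True trims each role name (the hardened variant).
    """
    roles = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, _, role_list = line.partition("=")
        names = role_list.split(",")
        if strip:
            names = [n.strip() for n in names]
        roles[user.strip()] = [n for n in names if n]
    return roles


def is_caller_in_role(roles, user, role):
    """Exact-match membership test, the same comparison isCallerInRole makes."""
    return role in roles.get(user, [])


def find_whitespace_roles(text):
    """Lint: list (user, role) pairs whose role name carries leading or
    trailing whitespace and would therefore never match an exact role check."""
    findings = []
    for user, names in parse_roles(text, strip=False).items():
        for n in names:
            if n != n.strip():
                findings.append((user, n))
    return findings


if __name__ == "__main__":
    naive = parse_roles(SAMPLE_ROLES_FILE)
    print("sam in VIP (whitespace kept):", is_caller_in_role(naive, "sam", "VIP"))
    fixed = parse_roles(SAMPLE_ROLES_FILE, strip=True)
    print("sam in VIP (trimmed):", is_caller_in_role(fixed, "sam", "VIP"))
    for user, role in find_whitespace_roles(SAMPLE_ROLES_FILE):
        print(f"warning: user {user!r} has role {role!r} with stray whitespace")
```

Running the lint over the real application-roles.properties after add_user.bat/sh would have reported sam's " VIP" entry before any servlet call was made; mike and tom, whose role lists contain no blanks, pass in both parsing modes.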