1 Reply Latest reply on Aug 12, 2012 9:05 PM by ericasmith

    ACL requires Identity, how do I get this?

    ericasmith

      Hi all,

       

      I apologize in advance for what is most likely a very newbie-ish question.

       

      I'm trying to use the role-based ACL support in my JBoss AS 6.1 webapp. I've been loosely following the instructions here:

      http://server.dzone.com/articles/security-features-jboss-510-3

       

      The difficulty I have encountered is that the ACL library verifies against an Identity. In all of the examples I've found, the identity is constructed within the test method, but I would like to use the currently logged in user.

       

      From the request, I am able to get the user Principal. From the SecurityContext I'm able to get the SecurityIdentity and the Subject. Unfortunately, I can't seem to find any way to get hold of the current user's 'Identity' for the ACL AuthorizationManager manager to verify against.

       

      Could anyone point me in the direction of a function or code snippet which shows how to get the currently logged in user's identity from a ServletRequest?

       

      Thank you in advance,

      Erica

        • 1. Re: ACL requires Identity, how do I get this?
          ericasmith

          In the absence of a more elegant answer, I'm using the below. This seems fragile, and depends on the implementation of principals remaining unchanged, but will do as a stopgap...

           

              public static Identity getIdentity()
              {
                  Principal callerPrincipal = SecurityAssociation.getCallerPrincipal();

                  // No authenticated caller: fall back to the anonymous identity.
                  if(callerPrincipal == null)
                  {
                      return ANONYMOUS_IDENTITY;
                  }

                  try
                  {
                      String           name       = callerPrincipal.getName();
                      RoleGroup        roles      = RoleFactory.createRoleGroup("RoleGroup");
                      Set<SimpleGroup> rolegroups = SecurityAssociation.getSubject().getPrincipals(SimpleGroup.class);

                      // Every member of every SimpleGroup attached to the Subject is added as a role.
                      for(SimpleGroup group : rolegroups)
                      {
                          Enumeration<? extends Principal> members = group.members();

                          while(members.hasMoreElements())
                          {
                              roles.addRole(RoleFactory.createRole(members.nextElement().getName()));
                          }
                      }

                      return IdentityFactory.createIdentityWithRole(name, roles);
                  }
                  catch(Exception e)
                  {
                      // Any failure while reading the Subject (including a null Subject) denies access.
                      throw new EJBAccessException("User's identity could not be determined: " + callerPrincipal.getName());
                  }
              }