1 Reply Latest reply on Dec 26, 2016 9:50 AM by kmranganathan

    Custom Authorizer does not work

    kmranganathan

      Hi,

      I use one of the PL quickstarts - picketlink-authentication-jsf - and then add a custom authorizer. As the authentication in this example does not use any IDM, I want to do the same for authorization.

       

      My config is like this:

      SecurityConfigurationBuilder builder = event.getBuilder();
      builder.http()
        .forPath("/admin/*")
        .authorizeWith()
          .role("ADMIN")
          .authorizer(CustomPathAuthorizer.class);
      

       

      And then, my custom path authorize method is a trivial one:

      if(((User)(identity.getAccount())).getLoginName().contains("admin")) {
        return true;
      }
      return false;
      

       

      No matter which user I log on as (jsmith or another user named admin1), I get a forbidden error on the admin page. I have added a sysout and can see that the authorize method returns true (and my admin.xhtml is placed inside the admin folder).

       

      Please do provide me with some pointers, thanks.

       

      (Note: there is a similar thread from last year, but it doesn't answer my question: Authorization for URLs with Login Form)