4 Replies Latest reply on Jun 21, 2005 3:55 AM by Sergey A

    Security in Portal

    Sergey A Newbie

      JBoss Portal uses own security mechanism. I need a portable application.

      I have tried to use PortlaRequest.isUserInRole() But it doesn't work.
      Will this method work in release of JBoss Portal? May I'm doing something wrong...

      I'm using RC3.

        • 1. Re: Security in Portal
          Roy Russo Master

          Describe what is "it doesnt work". Are you doing something like:

           String role = req.getParameter("role");
           if (req.isUserInRole(role))
          // blah

          • 2. Re: Security in Portal
            Sergey A Newbie


            public void doView(RenderRequest pRequest, RenderResponse pResponse) throws PortletException, IOException {
             PortletContext context = getPortletContext();
             PortletRequestDispatcher rd = context.getRequestDispatcher(HELLO_TEMPLATE);
             pRequest.setAttribute("UserName", pRequest.getRemoteUser());
             pRequest.setAttribute("IsUserInAdminRole", String.valueOf(pRequest.isUserInRole("Administrators")));
             pRequest.setAttribute("IsUserInRole", String.valueOf(pRequest.isUserInRole("ByBusinessRole")));
             rd.include(pRequest, pResponse);

            IsUserInAdminRole and IsUserInRole are FALSE for admin and for user which is in ByBusinessRole

            • 3. Re: Security in Portal
              Sergey A Newbie

              I've found topic http://www.jboss.com/index.html?module=bb&op=viewtopic&t=61109

              No, isUserInRole is JSR168 compliant,if it returns always false, it could be a bug, we are not using that feature, we will look at it.

              it is a big in the tomcat/jboss integration.

              it has been fixed in jboss-4.0.2beta (not out yet but soon). I have had not tested it yet personnally.

              Have you fixed the problem?

              • 4. Re: Security in Portal
                Sergey A Newbie

                Is there another way to acess user profile and to get users role?