4 Replies Latest reply on Jun 21, 2005 3:55 AM by Sergey A

    Security in Portal

    Sergey A Newbie

      JBoss Portal uses own security mechanism. I need a portable application.

      I have tried to use PortlaRequest.isUserInRole() But it doesn't work.
      Will this method work in release of JBoss Portal? May I'm doing something wrong...

      I'm using RC3.

        • 1. Re: Security in Portal
          Roy Russo Master

          Describe what is "it doesnt work". Are you doing something like:



           String role = req.getParameter("role");
           if (req.isUserInRole(role))
           {
          // blah
          }
          


          • 2. Re: Security in Portal
            Sergey A Newbie

             

            public void doView(RenderRequest pRequest, RenderResponse pResponse) throws PortletException, IOException {
             PortletContext context = getPortletContext();
             PortletRequestDispatcher rd = context.getRequestDispatcher(HELLO_TEMPLATE);
            
             pRequest.setAttribute("UserName", pRequest.getRemoteUser());
             pRequest.setAttribute("IsUserInAdminRole", String.valueOf(pRequest.isUserInRole("Administrators")));
             pRequest.setAttribute("IsUserInRole", String.valueOf(pRequest.isUserInRole("ByBusinessRole")));
            
             rd.include(pRequest, pResponse);
             }



            IsUserInAdminRole and IsUserInRole are FALSE for admin and for user which is in ByBusinessRole

            • 3. Re: Security in Portal
              Sergey A Newbie

              I've found topic http://www.jboss.com/index.html?module=bb&op=viewtopic&t=61109


              No, isUserInRole is JSR168 compliant,if it returns always false, it could be a bug, we are not using that feature, we will look at it.


              it is a big in the tomcat/jboss integration.

              it has been fixed in jboss-4.0.2beta (not out yet but soon). I have had not tested it yet personnally.


              Have you fixed the problem?




              • 4. Re: Security in Portal
                Sergey A Newbie

                Is there another way to acess user profile and to get users role?