1 Reply Latest reply on Nov 2, 2006 9:59 AM by Kevin Johnson

    isUserInRole returning hardcoded false

    Kevin Johnson Newbie


      JBoss Portal Version 2.2.1 SP3 downloaded
      JBoss AS Version 4.0.4 GA
      OS Platform Windows XP

      From JSPs, the request.isUserInRole("rolename") is returning false. We discovered that this is hardcoded to "return false" in the DispatchedHttpServletRequest class. We located the method being called by stepping through the debugger in Eclipse. This isn't the behavior we expected, but is it done for a reason?


      package org.jboss.portal.portlet.impl;
      public class DispatchedHttpServletRequest implements HttpServletRequest
      {
      . . . .
      public boolean isUserInRole(String s)
      {
      return false;
      }
      . . . .
      }

        • 1. Re: isUserInRole returning hardcoded false
          Kevin Johnson Newbie

          Issue Resolved --

          This method is being called from a request dispatcher "include". The only instantiation of a DispatchedHttpServletRequest object that I could find is in the PortletRequestDispatcherImpl class, and only for the case of a JSP dispatcher "include".

          Although the original request is made available to the DispatchedHttpServletRequest object, it does not make use of it to provide information such as the isUserInRole. The 2.2.1 code is the same as the 2.4 code.

          SRV.8.3 "The Include Method" section of the 2.4 Servlet Specification states:
          "The target servlet of the include method has access to all aspects of the request object,"

          Based on this statement from the spec, I would think that a call to request.isUserInRole from the target servlet should return the same answer as the call to the original request object. The following section 8.3.1 states what must explicitly be included as request attributes, but it looks like this implementation ignores the 8.3 statement above and supplies only those things listed as "must be set".


          It's probably irrelevant since I solved the problem by extracting the original request from the dispatched request by:

          <%
          RenderRequest renderRequest = (RenderRequest)
          request.getAttribute("javax.portlet.request");

          if ( renderRequest.isUserInRole( "rolename" ) ) { . . . }
          %>

          It's not an obvious answer, so I hope this helps others who run into the same problem.