5 Replies Latest reply on Jul 9, 2007 9:27 AM by Gary Pinkham

    Instance.hasRole()...

    Gary Pinkham Newbie

      I added code into my Authenticator object which adds roles to the Identity object. I tried to use a restriction on a page for a certain role but none of my logins have access now. So I added a check in the Authenticator right after adding the role(s) and it still returns false for hasRole(). I even hard coded a the addRole("admin") and that returns false when calling hasRole("admin") too...

      Here's a quick snap shot of the code.. Let me know if you need more artifacts.

       if (user.getAuthoritieses() != null) {
       for (Authorities role : user.getAuthoritieses()) {
       log.info("adding role: #0 to user: #1", role.getAuthority(), Identity.instance().getUsername());
       Identity.instance().addRole(role.getAuthority());
       }
       }
       Identity.instance().addRole("admin");
       log.info("has Role: #0", Identity.instance().hasRole("ROLE_RUN_LINK")?"Yes":"No");
       log.info("has Role2: #0", Identity.instance().hasRole("admin")?"Yes":"No");
      


      Which reminds me.. The code Seam generates uses an @In for Identity in the Authenticator sample class. But all the Docs show Identity.instance(). Is there a preference?

      Thanks!
      Gary

        • 1. Re: Instance.hasRole()...
          Luis Daniel Rangel Tovar Newbie

          I use

          Identity identity = Identity.instance() ;

          .. (no @In) and then

          identity.addRole( someString ) ;

          ... for each role and everything works fine.

          Maybe all those Identity.instance() aren't apropiate (they should be)

          • 2. Re: Instance.hasRole()...
            Gary Pinkham Newbie

             

            "bulloncito" wrote:
            I use

            Identity identity = Identity.instance() ;

            .. (no @In) and then

            identity.addRole( someString ) ;

            ... for each role and everything works fine.

            Maybe all those Identity.instance() aren't apropiate (they should be)


            I actually tried it all three ways.. With Identity.instance() everywhere.. with @In and with Identity ident = Identity.instance(). None of them work. So I'm guessing I missed something in the config. As an extra note.. This is a default configuration. I did seam new-project and seam generate-entities. then modifed the Authenticator. So it's quite possible I missed a step from the docs...


            • 3. Re: Identity.hasRole()...
              Gary Pinkham Newbie

              first I realized the subject said Instance.hasRole() in stead of Identity. That was just a typo in the forum by me.

              So I have followed all the instructions and I can't seem to find where I'm going wrong.. It's basic security no drools. Seamgen created the components.xml with a basic drools file.. I tried with and with out that file.. With @In Identity, with Identity ident = Identity.instance() and Identity.instance() everywhere.

              This is Seam 2.0Beta with JBoss 4.2.0GA. Windows XP and M$SQL Server for the DB.

              Funny thing is I used seam generate-entities which enables security for the Edit actions on entities. This works just fine with my Authenticator module so I'm guessing I'm doing something right. :-)

              By the way.. Does anyone know what the security is for the edit pages created by generate-entity? Is it loggedIn? or hasRole("admin")???

              Many Thanks!!!
              Gary

              Here's the output of log.info messages:

              12:42:01,392 INFO [Authenticator] adding role: ROLE_VIEW to user: superuser
              12:42:01,392 INFO [Authenticator] adding role: ROLE_RUN_LINK to user: superuser
              12:42:01,392 INFO [Authenticator] customer:3
              12:42:01,392 INFO [Authenticator] Has Role: No
              12:42:01,392 INFO [Authenticator] has Role2: No
              


              Here's my Components.xml:

              <?xml version="1.0" encoding="UTF-8"?>
              <components xmlns="http://jboss.com/products/seam/components"
               xmlns:core="http://jboss.com/products/seam/core"
               xmlns:persistence="http://jboss.com/products/seam/persistence"
               xmlns:drools="http://jboss.com/products/seam/drools"
               xmlns:security="http://jboss.com/products/seam/security"
               xmlns:mail="http://jboss.com/products/seam/mail"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation=
               "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd
               http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd
               http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.0.xsd
               http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd
               http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.0.xsd
               http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd">
              
               <core:init debug="@debug@" jndi-pattern="@jndiPattern@"/>
              
               <core:manager concurrent-request-timeout="500"
               conversation-timeout="120000"
               conversation-id-parameter="cid"/>
              
               <persistence:filter name="customerFilter" enabled="#{identity.loggedIn}">
               <persistence:name>customerFilter</persistence:name>
               <persistence:parameters>
               <key>customerId</key>
               <value>#{customerId}</value>
               </persistence:parameters>
               </persistence:filter>
              
               <persistence:managed-persistence-context name="entityManager"
               auto-create="true"
               entity-manager-factory="#{knxseamEntityManagerFactory}">
               <persistence:filters>
               <value>#{customerFilter}</value>
               </persistence:filters>
               </persistence:managed-persistence-context>
              
               <persistence:entity-manager-factory name="knxseamEntityManagerFactory"
               persistence-unit-name="knxseam"/>
               <security:identity authenticate-method="#{authenticator.authenticate}"
               remember-me="true"/>
              
               <event type="org.jboss.seam.notLoggedIn">
               <action expression="#{redirect.captureCurrentView}"/>
               </event>
               <event type="org.jboss.seam.postAuthenticate">
               <action expression="#{redirect.returnToCapturedView}"/>
               </event>
              
               <mail:mail-session host="localhost" port="2525" username="test" password="test" />
              
              </components>
              


              Here's my Authenticator code:
              @Name("authenticator")
              public class Authenticator {
               @Logger
               Log log;
              
               @In
               EntityManager entityManager;
              
               public boolean authenticate() {
               try {
               UserAccount user = (UserAccount) entityManager
               .createQuery(
               "from UserAccount where name = :username and authenticationCredentials = :password")
               .setParameter("username", Identity.instance().getUsername())
               .setParameter("password", Identity.instance().getPassword())
               .getSingleResult();
               if (user.getAuthoritieses() != null) {
               for (Authorities role : user.getAuthoritieses()) {
               log.info("adding role: #0 to user: #1", role.getAuthority(), Identity.instance().getUsername());
               Identity.instance().addRole(role.getAuthority());
               }
               }
               Identity.instance().addRole("admin");
               log.info("customer:#0", user.getCustomer().getCustomerId());
               log.info("Has Role: #0", (Identity.instance().hasRole("ROLE_RUN_LINK"))?"Yes":"No");
               log.info("has Role2: #0", (Identity.instance().hasRole("admin"))?"Yes":"No");
               Contexts.getSessionContext().set("customerId", user.getCustomer().getCustomerId());
               return true;
               } catch (NoResultException ex) {
               FacesMessages.instance().add("Invalid username/password");
               return false;
               }
               }
              }
              



              • 4. Re: Instance.hasRole()...
                Shane Bryzak Master

                Calling addRole() when you are not authenticated yet puts the roles into a temporary list. They only become real roles once authentication is complete, which is why calling hasRole() in the authenticator method returns false.

                • 5. Re: Instance.hasRole()...
                  Gary Pinkham Newbie

                   

                  "shane.bryzak@jboss.com" wrote:
                  Calling addRole() when you are not authenticated yet puts the roles into a temporary list. They only become real roles once authentication is complete, which is why calling hasRole() in the authenticator method returns false.


                  That explains it! I did the log messages in another action and see that the user is indeed in the appropriate roles.

                  Thanks!