3 Replies Latest reply on Jun 2, 2011 12:03 PM by M M

    GateIn 3.1 JAAS Role issue

    M M Newbie

      Hi All,

       

      I am in the middle of implementing a Login Module for GateIn. My gatein-jboss-beans.xml file looks like this:

       


      <login-module code="my.organization.gateInSecurityModule.login.SSOLoginModule" flag="required">

      </login-module> 



        <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">

      <module-option name="portalContainerName">portal</module-option>

      <module-option name="realmName">gatein-domain</module-option>

      </login-module>

       

      The SSOLoginModule class is a customized version of the class from sso-agent component from JBoss. So in this class I create the identity object as in the original, save it to the sharedState. Note that I also attach the roles to the identiy object.

       

      (...)

      identity.setRoles(roles);

      (...)

      sharedState.put("exo.security.identity", identity);

      sharedState.put("javax.security.auth.login.name", username);

       

      From what I have gathered , the JbossLoginModule uses identity.getRoles() to populate the subject.

       

       

              Set<Principal> principals = subject.getPrincipals();

              Group roleGroup = new JAASGroup(JAASGroup.ROLES);

              for (String role : identity.getRoles()) {

                   System.out.println("===== attaching role : " + role);

                   roleGroup.addMember(new RolePrincipal(role));

                   principals.add(new RolePrincipal(role));

              }

              principals.add(roleGroup);

              principals.add(new UserPrincipal(identity.getUserId()));

       

      So in theory, all wents well - the for loop iterates through all the roles I want it to iterate (around 20). However, when I want to check whether a user is a member of a specific role, it always fails (even when the role was added to roleGroup). I am checking in a portlet.

       

      I try to use

       

      rich:isUserInRole in JSF

       

      and

       

      request.isUserInRole(role)

       

      Why are the user roles not available for checking ?

       

      Thanks

      M