3 Replies Latest reply on Jun 2, 2011 12:03 PM by M M

    GateIn 3.1 JAAS Role issue

    M M Newbie

      Hi All,


      I am in the middle of implementing a Login Module for GateIn. My gatein-jboss-beans.xml file looks like this:


      <login-module code="my.organization.gateInSecurityModule.login.SSOLoginModule" flag="required">
        <!-- module options for this entry are not shown in the post -->
      </login-module>
      <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>



      The SSOLoginModule class is a customized version of the class from the sso-agent component from JBoss. So in this class I create the identity object as in the original and save it to the sharedState. Note that I also attach the roles to the identity object.





      sharedState.put("exo.security.identity", identity);
      sharedState.put("javax.security.auth.login.name", username);


      From what I have gathered, the JbossLoginModule uses identity.getRoles() to populate the subject.



              Set<Principal> principals = subject.getPrincipals();
              Group roleGroup = new JAASGroup(JAASGroup.ROLES);
              for (String role : identity.getRoles()) {
                   System.out.println("===== attaching role : " + role);
                   roleGroup.addMember(new RolePrincipal(role));
                   principals.add(new RolePrincipal(role));
              }

              principals.add(new UserPrincipal(identity.getUserId()));


      So in theory, all goes well - the for loop iterates through all the roles I want it to iterate (around 20). However, when I want to check whether a user is a member of a specific role, it always fails (even when the role was added to roleGroup). I am checking in a portlet.


      I try to use


      rich:isUserInRole in JSF






      Why are the user roles not available for checking?
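
Added example (not code from the post or from GateIn): a stand-alone Java program that compares which roles a lookup by group name finds when role principals are only added to the Subject directly and when the filled role group itself is attached. It assumes the container resolves roles from a group principal named "Roles"; the `Named` and `Group` classes, the `visibleRoles` and `populate` helpers and the sample role names are hypothetical stand-ins.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class RolesGroupCheck {
    // Hypothetical stand-in for a user or role principal.
    record Named(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical stand-in for a JAAS group principal such as JAASGroup.
    static final class Group implements Principal {
        final String name;
        final Set<Principal> members = new LinkedHashSet<>();
        Group(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Assumption: the container reads roles only from the group named "Roles".
    static Set<String> visibleRoles(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group g && "Roles".equals(g.getName())) {
                for (Principal m : g.members) roles.add(m.getName());
            }
        }
        return roles;
    }

    // Builds a subject the way the loop in the post does; attachGroup decides
    // whether the filled role group is also added to the principal set.
    static Subject populate(List<String> identityRoles, boolean attachGroup) {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        Group roleGroup = new Group("Roles");
        for (String role : identityRoles) {
            roleGroup.members.add(new Named(role));
            principals.add(new Named(role));
        }
        if (attachGroup) principals.add(roleGroup);
        principals.add(new Named("demo-user"));
        return subject;
    }

    public static void main(String[] args) {
        List<String> roles = List.of("users", "administrators"); // constructed sample
        System.out.println("direct principals only: " + visibleRoles(populate(roles, false)));
        System.out.println("group attached:         " + visibleRoles(populate(roles, true)));
    }
}
```

The same comparison can be made against a real login by logging every principal in `subject.getPrincipals()` after commit and checking whether a group named "Roles" is among them and what it contains.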