3 Replies Latest reply on Dec 5, 2008 6:56 AM by Ingo Jobling

    isUserInRole not working in 2.1

    Brad Douglas Newbie


      We're having problems with the isUserInRole() EL routines not returning true when we've definitely set the roles for the principal.

      We're using our own login module within the JBoss security framework for authentication etc, therefore I've included this config from the 2.1 security doco into our components.xml:

      <security:identity jaas-config-name="other"/>

      Here is the code in our LoginModule that we're using to add the roles to our principal:

          /**
           * Return the roles the user has.
           * @return the Group of roles
           * @exception LoginException thrown if anything goes wrong
           */
          public Group[] getRoleSets() throws LoginException {
              if (logger.isTraceEnabled()) {
                  logger.trace("getRoleSets(): entry");
              }
              // JBoss reads role memberships from the group named "Roles"
              final Group rolesGroup = new SimpleGroup("Roles");
              if (user != null) {
                  if (logger.isDebugEnabled()) {
                      logger.debug("getRoleSets(): adding USER role");
                  }
                  rolesGroup.addMember(new SimplePrincipal("USER"));  // always grant "USER"
                  for (final UserRole role : user.getUserRoles()) {
                      final String roleName = role.getRole().getName();
                      if (logger.isDebugEnabled()) {
                          logger.debug("getRoleSets(): adding role [#0]", roleName);
                      }
                      rolesGroup.addMember(new SimplePrincipal(roleName));
                  }
              }
              if (logger.isTraceEnabled()) {
                  logger.trace("getRoleSets(): exit");
              }
              return new Group[]{rolesGroup};
          }

      Here is the log output from our admin user logging in:

      2008-12-04 15:03:24,078 TRACE [com.synyati.spurwing.security.SpurwingLoginModule] getRoleSets(): entry
      2008-12-04 15:03:24,078 DEBUG [com.synyati.spurwing.security.SpurwingLoginModule] getRoleSets(): adding USER role
      2008-12-04 15:03:24,078 DEBUG [com.synyati.spurwing.security.SpurwingLoginModule] getRoleSets(): adding role [APP_ADMIN]
      2008-12-04 15:03:24,078 TRACE [com.synyati.spurwing.security.SpurwingLoginModule] getRoleSets(): exit

      In our xhtml code we have an h:commandButton with the following EL in the rendered attribute, but it is not being displayed for that user.

      rendered="#{isUserInRole['APP_ADMIN'] or isUserInRole['ORG_ADMIN']}"

      This used to work in 2.0, so if anyone could please give me a hint as to what is wrong, or where I could find more information regarding how to find out what is wrong now, I'd really appreciate it, as we really need to upgrade to 2.1 to get the ability to render tags from our own taglib via Renderer.instance().render().

      Any help greatly appreciated
      Regards Brad D

        • 1. Re: isUserInRole not working in 2.1
          Brad Douglas Newbie

          Sorry to reply to my own post, but I've got some more info and a very specific question.

          I've gone through the Seam code and appear to have narrowed the issues down to code in the IdentityRequestWrapper class that is new in 2.1:

             public boolean isUserInRole(String role) {
                return getUserPrincipal() != null && identity != null ? identity.hasRole(role) : false;
             }

          If I'm reading this correctly, unless I use a Seam Identity to manage the groups etc, then the EL isUserInRole is always going to return false.  I can see in the doco that there is the ability to configure identity managers for JPA and LDAP, but I can't see anything about getting the role information from JAAS.

          Is there a way to get Seam 2.1 to use JAAS for role permissions?  Alternatively, is Seam 2.1 allowing JAAS to handle authentication but not authorisation (and if so why)?

          I've already shown that our roles are set in the JAAS LoginModule, so I just need someone to confirm that I need to migrate to Seam's Identity model, or work around isUserInRole() not working.


          • 2. Re: isUserInRole not working in 2.1
            Brad Douglas Newbie

            Hi again,

            Well, I've got it working. I found this forum topic that had a nugget in it regarding disabling the Identity filters.  If you add the following to components.xml, Seam falls back to normal container management:

            <web:identity-filter disabled="true"/>

            Could this be added to the doco?

            Hope this helps someone.
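
Added example, not part of the original posts and not Seam's own code: a simplified Java model of the behaviour described in replies 1 and 2, where a request wrapper answers isUserInRole() from an identity object instead of from the container. All type names and the sample user are hypothetical; only the decision expression is taken from the method quoted in reply 1.

```java
import java.util.Set;

// Simplified model (hypothetical types, no servlet or Seam dependency) of the
// role check quoted in reply 1 and the filter switch from reply 2.
public class RoleCheckDemo {

    /** Stand-in for a servlet request as seen by the view layer. */
    interface Request {
        String getUserPrincipal();
        boolean isUserInRole(String role);
    }

    /** Stand-in for a framework identity that keeps its own role set. */
    record Identity(Set<String> roles) {
        boolean hasRole(String role) { return roles.contains(role); }
    }

    /** Container-side request: answers from the roles the JAAS login module granted. */
    record ContainerRequest(String principal, Set<String> jaasRoles) implements Request {
        public String getUserPrincipal() { return principal; }
        public boolean isUserInRole(String role) { return jaasRoles.contains(role); }
    }

    /** Wrapper using the same decision expression as the quoted isUserInRole(). */
    record IdentityWrapper(Request delegate, Identity identity) implements Request {
        public String getUserPrincipal() { return delegate.getUserPrincipal(); }
        public boolean isUserInRole(String role) {
            return getUserPrincipal() != null && identity != null
                    ? identity.hasRole(role) : false;
        }
    }

    /** Wrapped request when the filter is active, raw container request when disabled. */
    static Request requestSeenByView(Request container, Identity identity, boolean filterDisabled) {
        return filterDisabled ? container : new IdentityWrapper(container, identity);
    }

    public static void main(String[] args) {
        // Constructed sample: container granted USER and APP_ADMIN; the identity holds no roles.
        Request container = new ContainerRequest("admin", Set.of("USER", "APP_ADMIN"));
        Identity empty = new Identity(Set.of());

        for (boolean disabled : new boolean[] {false, true}) {
            Request r = requestSeenByView(container, empty, disabled);
            System.out.printf("filter disabled=%b -> isUserInRole(APP_ADMIN)=%b%n",
                    disabled, r.isUserInRole("APP_ADMIN"));
        }
    }
}
```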

            • 3. Re: isUserInRole not working in 2.1
              Ingo Jobling Master

              Wow this really sucks.  I think Seam rocks, but the hours spent hunting down obscure stuff like this is ridiculous.  Never mind RTFM, how about WTFM (Write the friendly manual)