3 Replies Latest reply on Jun 20, 2012 6:16 AM by i10

    isCallerInRole(...) returns wrong result

    i10 Newbie

      A query to isCallerInRole("VIP") returns the following results:


      UserRolesExpected Result
      Effective Result
      samCustomer, VIPtruefalse


      In JBoss 4,5 and 6 the query works fine. With JBoss 7 the result for user sam is false instead of true.

        • 1. Re: isCallerInRole(...) returns wrong result
          Stefan Guilhen Apprentice

          Could you please provide more information about the security configuration for you application? I'm particularly interested in the security domain config with its login modules.

          • 2. Re: isCallerInRole(...) returns wrong result
            i10 Newbie

            I'm using the predefined security domain other and added the user's with the JBOSS_HOME/add_user.bat Scritpt to the ApplicationRealm.


            standalone-full.xml snippet:

            <subsystem xmlns="urn:jboss:domain:security:1.1">


                            <security-domain name="other" cache-type="default">


                                    <login-module code="Remoting" flag="optional">

                                        <module-option name="password-stacking" value="useFirstPass"/>


                                    <login-module code="RealmUsersRoles" flag="required">

                                        <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                        <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                        <module-option name="realm" value="ApplicationRealm"/>

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                        <module-option name="unauthenticatedIdentity" value="guest"/>




            Servelt snippet:

            @ServletSecurity(@HttpConstraint(rolesAllowed = {"Customer", "VIP"}))

            public class LoginServlet extends HttpServlet {

            • 3. Re: isCallerInRole(...) returns wrong result
              i10 Newbie

              Problem solved.


              When adding the roles of the user sam, i added a blank after the first role like this "Customer, VIP", which leaded to the described problem.

              The roles must be added (with the add_user.bat/sh) without any blanks, i.e. like this "Customer,VIP". This way, the isCallerInRole() works fine.