1 Reply Latest reply on Aug 12, 2012 9:05 PM by Erica Smith

    ACL requires Identity, how do I get this?

    Erica Smith Newbie

      Hi all,

       

      I apologize in advance for what is most likely a very newbie-ish question.

       

      I'm trying to use the role based ACL support in my JBoss AS 6.1 webapp. I've been loosely following the instructions here:

      http://server.dzone.com/articles/security-features-jboss-510-3

       

      The difficulty I have encountered is that the ACL library verifies against an Identity. In all of the examples I've found, the identity is constructed within the test method, but I would like to use the currently logged in user.

       

      From the request, I am able to get the user Principal. From the SecurityContext I'm able to get the SecurityIdentity and the Subject. Unfortunately, I can't seem to find any way to get hold of the current user's 'Identity' for the ACL AuthorizationManager manager to verify against.

       

      Could anyone point me in the direction of a function or code snippet which shows how to get the currently logged in user's identity from a ServletRequest?

       

      Thank you in advance,

      Erica

        • 1. Re: ACL requires Identity, how do I get this?
          Erica Smith Newbie

          In the absence of a more elegant answer, I'm using the below. This seems fragile, and depends on the implementation of principals to remain unchanged, but will do as a stop gap...

           

              public static Identity getIdentity()
              {
                  Principal callerPrincipal = SecurityAssociation.getCallerPrincipal();
          
                  if(callerPrincipal == null)
                  {
                      return ANONYMOUS_IDENTITY;
                  }
          
                  try
                  {
                      String           name       = callerPrincipal.getName();
                      RoleGroup        roles      = RoleFactory.createRoleGroup("RoleGroup");
                      Set rolegroups = SecurityAssociation.getSubject().getPrincipals(SimpleGroup.class);
          
                      for(SimpleGroup group : rolegroups)
                      {
                          Enumeration members = group.members();
          
                          while(members.hasMoreElements())
                          {
                              roles.addRole(RoleFactory.createRole(members.nextElement().getName()));
                          }
                      }
          
                      return IdentityFactory.createIdentityWithRole(name, roles);
                  }
                  catch(Exception e)
                  {
                      throw new EJBAccessException("User's identity could not be determined: " + callerPrincipal.getName());
                  }
              }