4 Replies Latest reply on Oct 16, 2001 4:50 PM by Luke Taylor

    Getting user roles after login

    Maurice Mills Newbie

      I need to write a JSP that will display different things based on the roles of the user that is logged in.

      How do I get the list of roles?

      I have tried request.getUserPrincipal(), but this just gives me a Principal and I can't figure out how to convert this to a Subject so I can get the roles. Is there another way to do this?


        • 1. Re: Getting user roles after login
          Konstantin Newbie

          Look into the source of JbossSecurityMgrRealm
          (it can be found in the CVS repository; where exactly -> use Google).

          You will see how it gets user roles to authorize access.

          It could well store the role set somewhere on the session;
          if not -> subclass it and store them on the session,
          or write your own interceptor class which does it for you.

          • 2. Re: Getting user roles after login
            Nathaniel Auvil Newbie

            simply use:

            javax.servlet.http.HttpServletRequest.isUserInRole( "theRoleName" )

            • 3. Re: Getting user roles after login
              Maurice Mills Newbie


              I am creating a menu of actions based on the user's roles. I would like to get the list of roles for the users and then use that to get the available actions.

              I would prefer to not get every action then check to see if the user is allowed to perform it based on their roles.


              • 4. Re: Getting user roles after login
                Luke Taylor Newbie


                The example I sent you before contains code to obtain the user's roles from the current Subject. Something along the lines of:

                import java.security.acl.Group;
                import java.util.Enumeration;
                import java.util.Iterator;
                import javax.naming.InitialContext;
                import javax.security.auth.Subject;

                InitialContext ic = new InitialContext();
                Subject subject = (Subject)ic.lookup("java:comp/env/security/subject");
                // To list the Principals contained in the Subject...
                Iterator principals;
                // To get the roles (the instance of java.security.acl.Group in the list of Principals)
                principals = subject.getPrincipals(java.security.acl.Group.class).iterator();
                if (principals.hasNext()) {
                    Group roles = (Group)principals.next();
                    Enumeration roleEnum = roles.members();
                    while (roleEnum.hasMoreElements()) {
                        _log.info("Role: " + roleEnum.nextElement());
                    }
                }

                The roles are stored as a principal (Group) named "Roles" in the set of principals in the active Subject. Strictly speaking you should check this is the case rather than just going ahead and using the first instance of Group you come across...

                I take it you got your form-based authentication working OK then??
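
Added example, not part of the original thread: the check described in reply 4, selecting the Group named "Roles" by name instead of taking the first Group found, and returning the role names as a set that a menu can be built from. `SubjectRoles`, `roleNames` and `SimpleGroup` are hypothetical names, the sample Subject is constructed for the demo, and the code assumes a JDK that still ships `java.security.acl`.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.*;
import javax.security.auth.Subject;

public class SubjectRoles {
    static final String ROLES_GROUP = "Roles"; // group name stated in reply 4

    /** Role names from the Group named "Roles"; empty set if there is none. */
    static Set<String> roleNames(Subject subject) {
        Set<String> names = new TreeSet<>();
        if (subject == null) return names;          // unauthenticated: no roles
        for (Group g : subject.getPrincipals(Group.class)) {
            if (!ROLES_GROUP.equals(g.getName())) continue; // ignore any other Group
            for (Enumeration<? extends Principal> e = g.members(); e.hasMoreElements();) {
                names.add(e.nextElement().getName());
            }
        }
        return names;
    }

    // Constructed stand-in for the container's Group implementation (demo only).
    static final class SimpleGroup implements Group {
        private final String name;
        private final Set<Principal> members = new LinkedHashSet<>();
        SimpleGroup(String name, String... memberNames) {
            this.name = name;
            for (String m : memberNames) members.add(() -> m);
        }
        public String getName() { return name; }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() {
            return Collections.enumeration(members);
        }
    }

    public static void main(String[] args) {
        Subject s = new Subject();                  // constructed sample Subject
        s.getPrincipals().add(new SimpleGroup("Other", "not-a-role"));
        s.getPrincipals().add(new SimpleGroup("Roles", "admin", "editor"));
        System.out.println(roleNames(s));           // roles from "Roles" only
        System.out.println(roleNames(new Subject())); // no Group at all
    }
}
```

A Subject with no "Roles" group yields an empty set, so a menu built from the result shows nothing rather than failing or picking up members of an unrelated Group.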