2 Replies Latest reply on Aug 4, 2003 10:43 AM by Dave Roxburgh

    doesUserHaveRole() and getUserRoles() don't work...

    Dave Roxburgh Newbie

      D'oh, another dweeby question I'm afraid... I can't get doesUserHaveRole() and getUserRoles() to work as I'd expect.

      JBoss 3.0.4

      I've got my RealmMapping but when I call doesUserHaveRole() it returns false even when it is known that the user does have the role. When I call getUserRoles() it returns null. Maybe I'm missing something...

      The user (aUser) is in the ADMIN_ROLE role (aRole), configured/stored in MyRealm.

      RealmMapping rm = null;
      try {
      rm = (RealmMapping) new InitialContext().lookup("java:jaas/MyRealm");
      } catch (NamingException ne) {
      throw new HostAccException("NamingException while getting realmMapping.");
      HashSet hs = new HashSet();
      hs.add(new SimplePrincipal(ADMIN_ROLE));
      boolean adminUser = rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs);
      System.out.println("hs = "+hs);
      System.out.println("ctx.getCallerPrincipal().getName() = "+ctx.getCallerPrincipal().getName());
      System.out.println("rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs) = "+rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs));
      System.out.println("user '"+ctx.getCallerPrincipal().getName()+"' is in roles:"+rm.getUserRoles(ctx.getCallerPrincipal()));

      produces ---
      hs = [aRole]
      ctx.getCallerPrincipal().getName() = aUser
      rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs) = false
      -- should be true
      user 'aUser' is in roles:null
      -- should be aRole

      Have I missed something?

      Many thanks in advance,

        • 1. Re: doesUserHaveRole() and getUserRoles() don't work...
          Dave Roxburgh Newbie

          Hmmm, well, OK, doesUserHaveRole() and getUserRoles() aren't helping me out much... so I'm playing with EntityContext.isCallerInRole() instead - why not?... but it doesn't work either.

          BTW, this is all running in an EJB.

          When isCallerInRole() is called I get the following output to server.log:
          2003-07-18 16:51:49,456 ERROR [org.jboss.ejb.plugins.LogInterceptor] RuntimeException:
          java.lang.IllegalStateException: isCallerInRole() called with no security context. Check that a security-domain has been set for the application.
          at org.jboss.ejb.EnterpriseContext$EJBContextImpl.isCallerInRole(EnterpriseContext.java:389)

          Can some really clever person tell my why doesUserHaveRole() and getUserRoles() seem to be handy methods for getting false and null respectively
          how to set a security-domain for my application? Of course, I have set up an application-policy in login-conf.xml and all the access control and authentication are working just fine.
          tell me I'm doing it all wrong and the right way to test if the caller is in a role is... whatever

          Thanks again,

          • 2. Re: doesUserHaveRole() and getUserRoles() don't work...
            Dave Roxburgh Newbie

            You have to set a <security-domain> in the jboss.xml. Once that's in place the security manager prevents any access to EJB methods unless you explicitly allow access with <method-permission> in ejb-jar.xml. Then, anonymous users still can't get access because JBoss doesn't consider them to be real users so you have to set up a <login-module> using AnonLoginModule in your login.conf...