2 Replies Latest reply on Aug 4, 2003 10:43 AM by Dave Roxburgh

    doesUserHaveRole() and getUserRoles() don't work...

    Dave Roxburgh Newbie


      D'oh, another dweeby question I'm afraid... I can't get doesUserHaveRole() and getUserRoles() to work as I'd expect.

      JBoss 3.0.4

      I've got my RealmMapping but when I call doesUserHaveRole() it returns false even when it is known that the user does have the role. When I call getUserRoles() it returns null. Maybe I'm missing something...

      The user (aUser) is in the ADMIN_ROLE role (aRole), configured/stored in MyRealm.

      RealmMapping rm = null;
      try {
      rm = (RealmMapping) new InitialContext().lookup("java:jaas/MyRealm");
      } catch (NamingException ne) {
      throw new HostAccException("NamingException while getting realmMapping.");
      }
      HashSet hs = new HashSet();
      hs.add(new SimplePrincipal(ADMIN_ROLE));
      boolean adminUser = rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs);
      System.out.println("hs = "+hs);
      System.out.println("ctx.getCallerPrincipal().getName() = "+ctx.getCallerPrincipal().getName());
      System.out.println("rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs) = "+rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs));
      System.out.println("user '"+ctx.getCallerPrincipal().getName()+"' is in roles:"+rm.getUserRoles(ctx.getCallerPrincipal()));

      produces ---
      hs = [aRole]
      ctx.getCallerPrincipal().getName() = aUser
      rm.doesUserHaveRole(ctx.getCallerPrincipal(), hs) = false
      -- should be true
      user 'aUser' is in roles:null
      -- should be aRole

      Have I missed something?

      Many thanks in advance,
      Dave

        • 1. Re: doesUserHaveRole() and getUserRoles() don't work...
          Dave Roxburgh Newbie


          Hmmm, well, OK, doesUserHaveRole() and getUserRoles() aren't helping me out much... so I'm playing with EntityContext.isCallerInRole() instead - why not?... but it doesn't work either.

          BTW, this is all running in an EJB.

          When isCallerInRole() is called I get the following output to server.log:
          2003-07-18 16:51:49,456 ERROR [org.jboss.ejb.plugins.LogInterceptor] RuntimeException:
          java.lang.IllegalStateException: isCallerInRole() called with no security context. Check that a security-domain has been set for the application.
          at org.jboss.ejb.EnterpriseContext$EJBContextImpl.isCallerInRole(EnterpriseContext.java:389)

          Can some really clever person tell my why doesUserHaveRole() and getUserRoles() seem to be handy methods for getting false and null respectively
          or
          how to set a security-domain for my application? Of course, I have set up an application-policy in login-conf.xml and all the access control and authentication are working just fine.
          or
          tell me I'm doing it all wrong and the right way to test if the caller is in a role is... whatever

          Thanks again,
          Dave

          • 2. Re: doesUserHaveRole() and getUserRoles() don't work...
            Dave Roxburgh Newbie

            Follow-up:
            You have to set a <security-domain> in the jboss.xml. Once that's in place the security manager prevents any access to EJB methods unless you explicitly allow access with <method-permission> in ejb-jar.xml. Then, anonymous users still can't get access because JBoss doesn't consider them to be real users so you have to set up a <login-module> using AnonLoginModule in your login.conf...