2 Replies Latest reply on Nov 1, 2003 8:30 AM by Juha Lindfors

    isUserInRole usage misunderstanding?

    nik Newbie

      Complete noob here so have some patience...

      In login-config.xml I have a required DataBaseServerLoginModule pointing to my datasource, and I have a jboss-web.xml pointing to that app-policy. I am experimenting with a hardcoded login:

      try {
          String username = "java";
          String password = "echoman";
          SecurityAssociationHandler handler = new SecurityAssociationHandler();
          SimplePrincipal user = new SimplePrincipal(username);
          handler.setSecurityInfo(user, password.toCharArray());
          LoginContext loginContext = new LoginContext("FooSecurity", (CallbackHandler)handler);
          loginContext.login();
          Subject subject = loginContext.getSubject();
          Set principals = subject.getPrincipals();
          principals.add(user);
      } catch (LoginException x) {
          x.printStackTrace();
      }

      Everything seems to go just fine (changing the password gives an exception, so the lookup is OK), but request.isUserInRole("in_the_db") still returns false on the next JSP. How does the login info propagate to the request? Automatically? Or should I do something at login time?

      Haven't tried any XML descriptor-based authorization yet; I would like to get this thing working first (actually interested in the struts-logic present-role usage, but I think it depends on this).

      Thanks in advance,
      Nik
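
Added example, not part of the original post: request.isUserInRole() reports the roles of the caller that the servlet container itself authenticated, so a LoginContext created inside application code does not change its result. The web.xml fragment below has the container perform the login against the FooSecurity policy instead; the URL pattern, realm name and BASIC method are assumptions.

```xml
<!-- WEB-INF/web.xml fragment (constructed example; /secure/* and BASIC are assumptions).
     WEB-INF/jboss-web.xml, already in place per the post, binds the application
     to the policy with:
       <security-domain>java:/jaas/FooSecurity</security-domain> -->
<web-app>
  <!-- A request matching this pattern makes the container authenticate the
       caller through the FooSecurity login modules before the JSP runs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Role name as returned by the login module's roles query -->
      <role-name>in_the_db</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- How the container collects credentials; FORM is the usual alternative -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>FooSecurity</realm-name>
  </login-config>

  <!-- Declares the role so isUserInRole("in_the_db") can be resolved -->
  <security-role>
    <role-name>in_the_db</role-name>
  </security-role>
</web-app>
```

With this in place the container associates the authenticated principal and its roles with each request, which is where request.isUserInRole() and request.getUserPrincipal() read them from.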