request.isUserInRole not working in JBOSS 4.0.0
mikala Sep 22, 2004 3:10 PMHello !
I have very simple application:
<application> <display-name>test_app</display-name> <web> <web-uri>test_web.war</web-uri> <context-root>/test_web</context-root> </web> </module> <ejb>test_ejb.jar</ejb> </module> </application>
In my web module I have only 1 servlet. My web.xml:
<web-app> <servlet> <servlet-name>TestServlet</servlet-name> <display-name>Test servlet</display-name> <description>Test </description> <servlet-class>test.TestServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>TestServlet</servlet-name> <url-pattern>/test</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>secured</web-resource-name> <url-pattern>/test</url-pattern> <http-method>HEAD</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/loginerror.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>*</role-name> </security-role> </web-app>
My jboss-web.xml:
<jboss-web> <security-domain>java:/jaas/postgresql-based</security-domain> </jboss-web>
My login-config.xml:
<application-policy name = "postgresql-based"> <authentication> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "dsJndiName">java:/TalgosDS</module-option> <module-option name = "principalsQuery">SELECT pass FROM user WHERE is_system='f' and login=?</module-option> <module-option name = "rolesQuery">select role_code ,'Roles' from roles where login=?</module-option> <module-option name = "hashAlgorithm">MD5</module-option> <module-option name = "hashEncoding">base64</module-option> </login-module> </authentication> </application-policy>
In doGet in my TestServlet I have:
out.println("request.isUserInRole(\"AD1\") = "+request.isUserInRole("AD1")+"");
out.println("request.getUserPrincipal() = "+request.getUserPrincipal()+"");
WHen I running this servlet on JBOSS 3.2.5 isUserInRole("AD1") return true
When I running on JBOSS 4.0.0 isUserInRole("AD1") return false
Is there a bug in 4.0.0 ?
What I should to do with jboss configuration to run this application ?