0 Replies Latest reply on Jun 5, 2006 8:01 AM by lost traveller

    Custom Security - RealmMapping.doesUserHaveRole() has null p

    lost traveller Newbie

      After looking through various tutorials and documentation, I am still lost.

      I'm trying to implement custom authentication and authorization, I have created a RealmMapping, but it is being passed a null Principal in realmMapping.doesUserHaveRole(principal, methodRoles) , any ideas why this would be? What am I missing?

      This is the code I am using:

      public class MySecurityManager extends JaasSecurityManager
      {
      ...
       public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
       {
       MySecurityInterface mySec = MySecurityFactory.getMySecurity();
      
       if(rolePrincipals!=null)
       {
       for (Iterator iter = rolePrincipals.iterator(); iter.hasNext();)
       {
       Principal role = (Principal) iter.next();
      
       // custom security code to check if the user have the required role
       if( mySec.isUserInRole(principal, role.getName()))
       {
       return true;
       }
       }
       }
       return false;
       }
      }
      


      Also I need to check to see if a user has a specific role to access an EJB method at runtime (i.e. when each EJB method is called), as the roles a user has can change from minute to minute, whilst they are logged in, is using a RealmMapping (i.e the code above) the correct way of achieving this?