I overrode the isUserInRole function of
org.jboss.portal.portlet.impl.spi.AbstractSecurityContext like this, to solve
getting the user roles from the SecurityAssociation (whose subject I set in the
filter) and instead from the request object.
| // Uses javax.security.auth.Subject, org.jboss.security.SecurityAssociation
| // and org.jboss.security.SimpleGroup.
| public boolean isUserInRole(String roleName)
| {
|    Subject subject = SecurityAssociation.getSubject();
|
|    // Null-safe comparison: getAuthType() returns null when the request
|    // was not authenticated.
|    if (subject != null && "NTLM".equals(req.getAuthType()))
|    {
|       // Find the group named "Roles" among the subject's principals.
|       SimpleGroup roleGroup = null;
|       for (SimpleGroup group : subject.getPrincipals(SimpleGroup.class))
|       {
|          if ("Roles".equals(group.getName()))
|             roleGroup = group;
|       }
|
|       // The caller is in the role only if the "Roles" group contains it.
|       return roleGroup != null
|             && roleGroup.isMember(new UserPrincipal(roleName));
|    }
|
|    // Any other case: defer to the role check on the request object.
|    return req.isUserInRole(roleName);
| }
I have commented out all the security constraints, and the security-role-ref
from the servlet definitions in web.xml.
It all worked well. But is it the right way to go about it?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4076105#4076105
_______________________________________________
jboss-user mailing list
https://lists.jboss.org/mailman/listinfo/jboss-user