Hi all...
I am running the JBoss 2.4.4 / Tomcat 3.2.3 bundle on Windows 2000 / Linux.
I need to change the roles of a particular user at runtime to simulate logging the user in as a different user (like the Linux command su, if you will). The problem I'm having is that the new user identity may or may not have a different set of roles, so basically I will need to modify the roles of the user.
Based on previous threads I start by looking up the JaasSecurityManager in JNDI (based on a post by Scott Stark) and thereafter changing the roles for the user by modifying the principal object. I have created a JSP for testing that runs the code for me (see below).
My problem as such is that the roles appear to be changed but that the change of roles isn't effected in the container (servlet or ejb). This means that the request.isUserInRole(<string>) method keeps reporting the roles from the initial login (I'm using the IdentityLoginModule for testing) instead of the roles set at runtime.
Has anyone tried this or does anyone know whether it is a matter of "just calling a method" to inform the containers that the roles have changed...?
Thanks in advance,
Mikkel Heisterberg
-- *** --- *** --- *** ---
Code for testing:
-- *** --- *** --- *** ---
// JSP scriptlet body: "out" is the JSP implicit JspWriter.
javax.naming.InitialContext ctx = new javax.naming.InitialContext();
org.jboss.security.plugins.JaasSecurityManager jsm =
    (org.jboss.security.plugins.JaasSecurityManager) ctx.lookup("java:/jaas/securetestzone");
javax.security.auth.Subject s = jsm.getActiveSubject();
java.util.Set principals = s.getPrincipals();

// 1. List the principals and role groups currently attached to the subject.
java.util.Iterator ite = principals.iterator();
out.println("<b>Found roles:</b><br>");
while (ite.hasNext()) {
    Object o = ite.next();
    out.println(o.getClass().getName() + "<br>");
    if (o instanceof org.jboss.security.NestableGroup) {
        out.println("Found NestableGroup...<br>");
        org.jboss.security.NestableGroup group = (org.jboss.security.NestableGroup) o;
        // "enum" is a reserved word since Java 5, so the variable is named "members".
        java.util.Enumeration members = group.members();
        while (members.hasMoreElements()) {
            Object obj = members.nextElement();
            out.println("class: " + obj.getClass().getName() + "<br>");
            // Cast to Principal: a group member may itself be a group, not a SimplePrincipal.
            java.security.Principal p = (java.security.Principal) obj;
            out.println("member = " + p.getName() + "<br>");
        }
    }
}

// 2. Replace the role groups. The existing groups are collected first, because
//    removing from the set while iterating over it can throw
//    ConcurrentModificationException.
java.util.List oldGroups = new java.util.ArrayList();
ite = s.getPrincipals().iterator();
while (ite.hasNext()) {
    Object o = ite.next();
    if (o instanceof org.jboss.security.NestableGroup) {
        oldGroups.add(o);
    }
}
if (!oldGroups.isEmpty()) {
    out.println("Removing existing roles...<br>");
    principals.removeAll(oldGroups);
    out.println("Creating new roles...<br>");
    org.jboss.security.NestableGroup ng = new org.jboss.security.NestableGroup("Roles");
    org.jboss.security.SimpleGroup sg = new org.jboss.security.SimpleGroup("Roles");
    ng.addMember(sg);
    sg.addMember(new org.jboss.security.SimplePrincipal("role1"));
    sg.addMember(new org.jboss.security.SimplePrincipal("role2"));
    principals.add(ng);
}

// 3. List the role groups again to show the subject after the change.
ite = s.getPrincipals().iterator();
while (ite.hasNext()) {
    Object o = ite.next();
    if (o instanceof org.jboss.security.NestableGroup) {
        out.println("Found NestableGroup...<br>");
        org.jboss.security.NestableGroup group = (org.jboss.security.NestableGroup) o;
        java.util.Enumeration members = group.members();
        while (members.hasMoreElements()) {
            Object obj = members.nextElement();
            out.println("class: " + obj.getClass().getName() + "<br>");
            java.security.Principal p = (java.security.Principal) obj;
            out.println("member = " + p.getName() + "<br>");
        }
    }
}