isUserInRole and DefaultLoginModule

Mon, 17 Jul 2006 14:30:53 -0700 

I ran into this strange behavior and I’m wondering if anyone else has had
the same issue or knows of a fix/workaround.

I am running Jetspeed 2.0 on JBoss 4.0.2.  (It also occurs in JBoss AS
4.0.4.GA)  

I have a portlet that, from a JSP, checks a user’s role using
HttpServletRequest.isUserInRole( role ). It actually does this in a jsp tag,
but that shouldn’t matter. (see code, below)

The portlet works fine when using JBoss’s UsersRolesLoginModule.  When I
switch over to using the Jetspeed 2 DefaultLoginModule, the portlets can no
longer see the roles from JSP.  (To verify I logged in as admin and used the
RoleSecurityTest portlet and it confirms my findings.)  I can, however,
login and as long as I never check the principal’s roles everything else
/seems/ OK.  It also correctly resolves the user principal, regardless of
the login module chosen. (see XML configuration snippets, below)

Any suggestions would be appreciated.

Dave


----- working login-config.xml snippet --------

    <application-policy name="Jetspeed">
       <authentication>
          <login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
             <module-option
name="usersProperties">js2-users.properties</module-option>
             <module-option
name="rolesProperties">js2-roles.properties</module-option>
          <module-option
name="unauthenticatedIdentity">nobody</module-option>
          </login-module>
       </authentication>
    </application-policy>

------ end of the working login-config.xml snippet ----------

----- not working login-config.xml snippet --------

    <application-policy name="Jetspeed">
      <authentication>
        <login-module
code="org.apache.jetspeed.security.impl.DefaultLoginModule" flag="required">
        </login-module>
      </authentication>
    </application-policy>

------ end of the not working login-config.xml snippet ----------

------- code called from the JSP  ---------

    HttpServletRequest r = (HttpServletRequest) request;
    boolean b = r.isUserInRole(role);

    if (log.isDebugEnabled())
      log.debug("Using " + r + " user " + r.getUserPrincipal() + " is "
          + ((b) ? "" : "not ") + "in the role " + role + ".");

--------- end of the code called from the JSP ---------


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.1/389 - Release Date: 7/14/2006
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to