I think I've figured out my issue. I was not configuring the realm in the
web.xml file so the SecurityManager didn't know what realm to use. Everything
worked fine in my LoginUser servlet because there I specifically set the realm
for the SecurityManager.
Here is what I'm now doing in web.xml:
<filter>
<filter-name>JSecurityFilter</filter-name>
<filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>
#See JSecurity API http://jsecurity.org/api/index.html
# and
http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
#create an object of the RoleSecurityJdbcRealm
#inject that object into the SecurityManager
[main]
realmA =
name.brucephillips.rolesecurity.dao.RoleSecurityJdbcRealm
#this application will use all the default
#filters (see link above)
#for example the default login page is /login.jsp
#users who try to access a page protected by JSecurity
#will be sent to /login.jsp
[filters]
#only let authenticated users
#with the appropriate role
#view the web pages in the secure
#and admin areas
[urls]
/secure/** = authc, roles[user]
/admin/** = authc, roles[admin]
</param-value>
</init-param>
</filter>
Here is class RoleSecurityJdbcRealm
public class RoleSecurityJdbcRealm extends JdbcRealm {
public RoleSecurityJdbcRealm() {
super();
//get the DataSource that JSecurity's JdbcRealm
//should use to find the user's password
//using the provided username
//see context.xml for this DataSource's properties
InitialContext ic;
DataSource dataSource;
try {
ic = new InitialContext();
dataSource = (DataSource)
ic.lookup("java:/comp/env/jdbc/security");
this.setDataSource(dataSource);
} catch (NamingException e) {
e.printStackTrace();
}
}
}
PLEASE note that the JavaDoc for JSecurityFilter WAS NOT helpful. No where in
that JavaDoc does it mention specifying the realm that should be created and
that will then be injected into SecurityManager.
If someone could let me know if I'm doing this correclty that would be helpful.
There just are not any good examples for setting up JSecurity using the
JdbcRealm in a standard web application (one that is not using Spring,
Hibernate, Ivy, etc). Before I can apply JSecurity to my own projects (and
perhaps use Spring with it) I need to understand how to get the basics to work.
The code for my latest example that uses role security is at:
http://www.brucephillips.name/jsecurity_examples/rolesecurity_mod_1.zip
Once I get all this working and I understand somewhat why/how it works, I'll be
writing up a series of tutorials for others.
--
View this message in context:
http://n2.nabble.com/Call-to-Subject-class-hasRoles-method-causes-NoSuchElementException-tp2578639p2581031.html
Sent from the JSecurity User mailing list archive at Nabble.com.
