So when you debug this,

1) is getUser(actionBean) returning null?
2) is user.getRoles() returning null?
3) is RoleDao.getInstance().findByRoleName(role) returning null?
4) does roles.contains(RoleDao.getInstance().findByRoleName(role)) return null?

Evan

On Oct 12, 2010, at 12:14 PM, John Berninger wrote:

> Folks -
>
> I'm having some problems figuring out security in Stripes. I'm attempting to
> use the J2EESecurityManager model described in the Stripes book, and I'm
> missing something obvious...
>
> I set up a login action that sets a user ID and is supposed to (or so I
> thought) signal to the security manager that "hey, I'm logged in". When I
> then redirect to an action bean that I've marked as requiring a certain role,
> I get a 401 error message saying "This request requires HTTP
> authentication()."
>
> I'm attaching my security manager class, the login action bean, and the bean
> requiring the user be logged in. Any help on where I went wrong would be
> appreciated.
>
> --
> John
>
> package util;
>
> import org.stripesstuff.plugin.security.*;
>
> import daoimpl.RoleDao;
> import net.sourceforge.stripes.action.*;
> import java.lang.reflect.*;
> import java.util.*;
> import model.*;
> import action.*;
> import org.apache.log4j.*;
>
> public class HaxSecurityManager extends J2EESecurityManager {
>     private static Logger log = Logger.getLogger(HaxSecurityManager.class);
>
>     @Override
>     protected Boolean isUserAuthenticated(ActionBean bean, Method handler) {
>         return getUser(bean) != null;
>     }
>
>     @Override
>     protected Boolean hasRole(ActionBean actionBean, Method handler, String role) {
>         log.debug("Checking for role");
>         Person user = getUser(actionBean);
>         if ( user != null ) {
>             Collection<Role> roles = user.getRoles();
>             if ( null == roles ) {
>                 return false;
>             }
>             return roles != null &&
>                 roles.contains(RoleDao.getInstance().findByRoleName(role));
>         }
>         return false;
>     }
>
>     private Person getUser(ActionBean bean) {
>         MyActionBeanContext ctx = (MyActionBeanContext)
>             ((BaseActionBean) bean).getContext();
>         Person user = ctx.getLoginID();
>         try {
>             log.debug("Found current logged in user " +
>                 user.getUsername());
>         }
>         catch (Exception e) {
>             log.warn("Error in current logged in user object - " +
>                 e.getMessage());
>         }
>         return user;
>     }
> }
>
> package action;
>
> import net.sourceforge.stripes.action.*;
> import javax.annotation.security.*;
>
> @RolesAllowed("User")
> public class HomeActionBean extends BaseActionBean {
>     private static final String HOMEPAGE = "/WEB-INF/jsp/home.jsp";
>
>     @DefaultHandler
>     public Resolution mainForm() {
>         return new ForwardResolution(HOMEPAGE);
>     }
> }
>
> package action;
>
> import daoimpl.*;
> import model.*;
> import util.*;
> import net.sourceforge.stripes.action.*;
> import org.apache.log4j.*;
>
> public class LoginActionBean extends BaseActionBean {
>     private String username;
>     private String password;
>     private static Logger log = Logger.getLogger(LoginActionBean.class);
>
>     public void setUsername(String username) {
>         this.username = username;
>     }
>
>     public String getUsername() {
>         return username;
>     }
>
>     public void setPassword(String password) {
>         this.password = password;
>     }
>
>     public String getPassword() {
>         return password;
>     }
>
>     @DefaultHandler
>     public Resolution noName() {
>         return new RedirectResolution(GreeterActionBean.class);
>     }
>
>     public Resolution login() {
>         log.debug("Starting login process");
>         Person foundUser =
>             UserDao.getInstance().findUserByName(getUsername());
>         if ( null == foundUser ) {
>             log.warn("Username not found in database");
>             getContext().getMessages().add(new SimpleMessage("The specified username was not found in our database. Please create an account before attempting to log in."));
>             return new RedirectResolution(GreeterActionBean.class);
>         }
>         if ( getPassword().equals(foundUser.getPassword()) ) {
>             MyActionBeanContext ctx =
>                 (MyActionBeanContext)getContext();
>             ctx.setLoginID(foundUser);
>             log.debug("Logging in user " + this.username);
>             return new RedirectResolution(HomeActionBean.class);
>         } else {
>             log.warn("Password incorrect for user " +
>                 this.username);
>             getContext().getMessages().add(new SimpleMessage("The password given is incorrect. Please try again."));
>             return new RedirectResolution(GreeterActionBean.class);
>         }
>     }
> }

_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
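
Evan's four checks, walked in order in a stand-alone program (an added example, not code from the thread; `Role`, `Person` and `findByRoleName` here are stand-ins for John's classes, which the thread does not show). It assumes a `Role` without `equals()`/`hashCode()` and a DAO that returns a fresh object per lookup, to show how check 4 can fail even though the user holds the role by name:

```java
import java.util.*;

// Stand-in types (assumptions): the thread does not show Person, Role or RoleDao.
public class RoleCheckDiagnosis {
    static class Role {
        final String name;
        Role(String name) { this.name = name; }
        // No equals()/hashCode(): two Role objects with the same name are not equal.
    }

    static class Person {
        final Collection<Role> roles;
        Person(Collection<Role> roles) { this.roles = roles; }
    }

    // Hypothetical DAO lookup returning a fresh instance per call, as a
    // query-backed DAO might; returns null for an unknown role name.
    static Role findByRoleName(String name) {
        return "User".equals(name) ? new Role(name) : null;
    }

    // Walks the four checks in order and reports the first one that fails.
    static String diagnose(Person user, String roleName) {
        if (user == null) return "1: no user in context -> not authenticated";
        if (user.roles == null) return "2: user has no role collection";
        Role wanted = findByRoleName(roleName);
        if (wanted == null) return "3: role name not found by DAO";
        if (!user.roles.contains(wanted)) {
            // Distinguish "really lacks the role" from "object comparison failed".
            for (Role r : user.roles) {
                if (r.name.equals(roleName))
                    return "4: role present by name, but contains() is false (Role lacks equals/hashCode)";
            }
            return "4: user does not hold the role";
        }
        return "ok";
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Person withRole = new Person(Arrays.asList(new Role("User")));
        System.out.println(diagnose(null, "User"));
        System.out.println(diagnose(new Person(null), "User"));
        System.out.println(diagnose(withRole, "Admin"));
        System.out.println(diagnose(withRole, "User"));
    }
}
```

Logging the returned step from inside `hasRole` separates an authentication failure (check 1) from an authorization failure (checks 2 to 4).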