If you are using form auth you should still be getting isUserInRole to
be true after you have logged in once, even on unprotected pages. I'm
not sure if there are any tests for this anywhere, especially for jsps
that aren't listed in web.xml. We have gotten this to work for
servlets at various times.
If you are using basic or digest auth, you won't AFAIK. I'm not sure
about client-cert auth.
Which geronimo version are you using?
thanks
david jencks
On Dec 18, 2009, at 9:57 AM, blb wrote:
I finally succeeded in getting true from the isUserInRole() call, protecting more resources in the web.xml file.
I have to check the whole application to see if the unauthenticated section still works (some of the resources I have put in the protected area are used by both parts).
I'll keep you informed of the results.
Fabrice
blb wrote:
I did a few more tests.
The isUserInRole() returns true only for protected servlets.
I didn't succeed yet in declaring the jsps as protected resources.
Fabrice
blb wrote:
David,
Thanks for your reply.
1) Yes, the authentication works well.
2) isUserInRole() always returns false. It is called from a jsp which is not declared in the webapp protected resources (this configuration worked well in Tomcat). I'll try to declare the jsps in the protected resources to check if the problem is solved.
3) The webapp is made of jsps and servlets. The isUserInRole() call returns true in a protected servlet.
Fabrice
djencks wrote:
I'd like to clarify a couple of points...
- IIUC, you have to authenticate to access a secured page, this part of security is working fine?
- From a secured page, you cannot use isUserInRole()?
- Are all your pages jsps? Do they have servlet mappings? Does this occur with a secured servlet?
thanks
david jencks
On Dec 17, 2009, at 7:10 AM, blb wrote:
Hi all,
I am migrating from Tomcat to Geronimo and need some help to finish configuring security for a webapp.
I can authenticate a user within Geronimo but I'm not able to get the user role.
The request.isUserInRole() call always returns false.
You can find below an extract of the configuration files concerned by security:
http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
extract_geronimo-web.xml
http://old.nabble.com/file/p26829415/extract_web.xml
extract_web.xml
Can you please tell me what's wrong (or missing) with the webapp configuration?
--
View this message in context:
http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
--
View this message in context:
http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26847205.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
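
An added example, not taken from the thread or from the poster's configuration files: a web.xml fragment that lists JSPs among the protected resources, which is the change Fabrice reports made isUserInRole() return true. The role name `appuser`, the `/account/*` pattern and the login page paths are assumptions chosen for illustration.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 2.5 schema). -->
<!-- The role name, URL pattern and page paths are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Member pages</web-resource-name>
      <!-- Path-prefix pattern: covers JSPs and servlets under /account/. -->
      <!-- A mixed form such as /account/*.jsp is only an exact match. -->
      <url-pattern>/account/*</url-pattern>
      <!-- No http-method element: the constraint applies to every method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>appuser</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Each role used in an auth-constraint or in isUserInRole() is declared here. -->
  <security-role>
    <role-name>appuser</role-name>
  </security-role>
</web-app>
```

Resources shared with the unauthenticated part of the application stay outside the protected pattern, otherwise anonymous visitors are redirected to the login form when a public page requests them.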