Karaf 4.2.0
CXF with org.apache.cxf.jaxrs.security.JAASAuthenticationFilter
I would like for my REST service to verify the authenticated user has the
desired role, so I am using securityContext.isUserInRole(). isUserInRole()
is returning false when the user has the role. Why?
***
* From Karaf
***
karaf@root(jaas)> user-list
User Name │ Group │ Role
──────────┼───────┼───────
Aladdin   │       │ VIEW
Aladdin   │       │ UPDATE
Foo       │       │
Bar       │       │ VIEW
karaf@root(jaas)>
***
* Excerpt from REST endpoint that produces a JSON response
***
response.put("isSecure", securityContext.isSecure());
response.put("In role UPDATE", securityContext.isUserInRole("UPDATE"));
response.put("In role VIEW", securityContext.isUserInRole("VIEW"));
response.put("In role ROLE_VIEW", securityContext.isUserInRole("ROLE_VIEW"));
***
* CURL Output from REST endpoint
***
HTTP/1.1 200 OK
Content-Type: application/json
Date: Thu, 02 Aug 2018 20:34:04 GMT
Transfer-Encoding: chunked
Server: Jetty(9.4.6.v20170531)
{"In role ROLE_VIEW":false,"In role UPDATE":false,"In role VIEW":false,"Principal":{"name":"Bar"},"PrincipalClass":"org.apache.karaf.jaas.boot.principal.UserPrincipal",
Paul Spencer
--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html