You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomee.apache.org by jszczepankiewicz <js...@gmail.com> on 2012/08/19 22:34:19 UTC

(Security) isUserInRole not working?

Hi,
Apache tomee 1.0.0 web profile, jdk 7. 

I am facing strange problem:
Using programmatic login by HttpServletRequest.login method.

Also using: org.apache.openejb.core.security.jaas.SQLLoginModule

After login I can successfully use methods on (HttpServletRequest and on
SessionContext)
req.getUserPrincipal().getName() (from basic servlet)
context.getCallerPrincipal().getName (from Stateless EJB)
they return proper name

But if i use:
req.isUserInRole(...)
or 
context.isUserInRole()
they always return false

I have tested the groupSelect query in login.conf and see no errors.

This is very basic functionality and rather not possible that this is a
tomee bug so what's wrong? Documentation for tomme is so basic. Is some
container (openejb.conf) specific configuration required to map roles to
groups? Thanks in advance.





--
View this message in context: http://openejb.979440.n4.nabble.com/Security-isUserInRole-not-working-tp4656906.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: (Security) isUserInRole not working?

Posted by Romain Manni-Bucau <rm...@gmail.com>.

Hi,

it typically needs to configure the tomcat realm to be the openejb one
(link between tomcat and openejb)

here a sample:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml

it uses the properties config but using the sql one should work too.

The point is mainly the request methods use the tomcat realm and i guess
you didn't specify the openejb one.

BTW some enhancements have been done on the snapshot on these subjects, you
can give it a try too.

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/19 jszczepankiewicz <js...@gmail.com>

> Hi,
> Apache tomee 1.0.0 web profile, jdk 7.
>
> I am facing strange problem:
> Using programmatic login by HttpServletRequest.login method.
>
> Also using: org.apache.openejb.core.security.jaas.SQLLoginModule
>
> After login I can successfully use methods on (HttpServletRequest and on
> SessionContext)
> req.getUserPrincipal().getName() (from basic servlet)
> context.getCallerPrincipal().getName (from Stateless EJB)
> they return proper name
>
> But if i use:
> req.isUserInRole(...)
> or
> context.isUserInRole()
> they always return false
>
> I have tested the groupSelect query in login.conf and see no errors.
>
> This is very basic functionality and rather not possible that this is a
> tomee bug so what's wrong? Documentation for tomme is so basic. Is some
> container (openejb.conf) specific configuration required to map roles to
> groups? Thanks in advance.
>
>
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Security-isUserInRole-not-working-tp4656906.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>