wood burning stoves*
The moose likes Servlets and the fly likes Roles of a user Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Roles of a user" Watch "Roles of a user" New topic
Author

Roles of a user

s penumudi
Ranch Hand

Joined: Nov 17, 2004
Posts: 113
Hello All,

I hope this is the right place to post my question.

I am working on a web application that uses Custom security that was written using JAAS by the some team internal to the origanization.

In web.xml I have configured Security roles using <security-role> and <security-constraint> tags.

After successful login, If I print user name and his roles, I am able to see the roles which I have configured for this user.

Let us take a scenario I have two users with usernames User1 and USer2.
The role assigned to user1 is role1
The role assigned to user2 is role2.

I have opened teo browsers and logged into the system with these two users.
After successful login, I am showing a welcome page where I would display User name and his roles.

For User1, after sucessfull login, I am able to see his name and role1=true.
For User2, I am able to see his name and role2=true.

Now, problem comes here.. When I try to refresh User1 browser couple of times, I see his name with role "role2=true". Same with User2, I see his role as "role1=true"

I am checking if user has roles using
request.isUserInRole(Constants.ROLE1)
request.isUserInRole(Constants.ROLE2)

I am not sure why the request object is not being able to get the correct roles.

Is there any configuration thing I need to take care of.
Early replys would be greatly appreciated

thank you
louise rochford
Ranch Hand

Joined: Apr 04, 2002
Posts: 119
Hi Sari,

Are you opening 2 browser windows on the same pc? If so I think they might end up shareing the same session cookie. I've never been too sure on this - it might depend on the browser implementation.

I've also seen this session confusion happen from seperate pcs where the requests were routed through a proxy that did some caching. User 1 requested a personalized which displayed correctly, as did user 2, but then user 1 got user 2's page. Had to get them to set their IE browser so that it didn't use the proxy for requests to the application.

Regards,
Louise
Jason Milliron
Greenhorn

Joined: Jan 25, 2004
Posts: 22
I agree with the last user about sharing the same session stuff, but how are you opening your browser? Are you clicking on the browser, then hitting control-N for another browser to open? If so, it will definetly share same session, but if you open two separate browser instances, there should be no conflicting data. If this doesn't help, could you post the code and we could try to replicate the problem? Thanks.
s penumudi
Ranch Hand

Joined: Nov 17, 2004
Posts: 113
Hi,
Thank you very much for your replys.

Yes, I am testing my application by opening two browsers from same machine.
I am not using control-N or file<->New window options form the IE. I am opening two seperate new instances of IE.

I am using
- oracle 10g AS (9.0.4).
- JSP and Struts
- Internal Security implemented as per JAAS.

Jsp:


Web.xml file


Thank you
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Roles of a user