File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JBoss/WildFly and the fly likes req.isUserInRole( Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "req.isUserInRole("admin"); return false??" Watch "req.isUserInRole("admin"); return false??" New topic
Author

req.isUserInRole("admin"); return false??

Jhon Merced
Greenhorn

Joined: Feb 24, 2006
Posts: 2
I'm using Jboss4.00 and using JAAS security for authentication and authoriztion of my application.
i setup the web.xml,for the security constraint.
the login-config.xml and jboss-web.xml.

but when i tried to view the req.isUserInRole("admin") the output is false,
can anybody explain me why.
but when i deploy my application in jboss 3.2xxx it returns true.

here's some of my setup
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Pages</web-resource-name>
<url-pattern>*.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>application</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>

jboss-web.xml

<security-domain>java:/jaas/application</security-domain>

login-config.xml

<application-policy name = "application">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/MySqlDS</module-option>
<module-option name = "principalsQuery">select password from user where user_id=?</module-option>
<module-option name = "rolesQuery">SELECT role, 'Roles' FROM roles WHERE user_id = ?</module-option>
<module-option name = "unauthenticatedIdentity">guest</module-option>
</login-module>
</authentication>
</application-policy>
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39535
    
  27
Welcome to JavaRanch.

Just to ask the obvious: Did you actually log in as 'admin' and supply the correct password? Does "req.isUserInRole("guest")" return true?


Ping & DNS - updated with new look and Ping home screen widget
Jhon Merced
Greenhorn

Joined: Feb 24, 2006
Posts: 2
Yes I have supplied the necessary data (username and password, with the admin role).
If you noticed on my post that when i try to deploy my application in jboss version 3.2xxx it returns true.
I think It has something todo with the Jboss version.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39535
    
  27
In that case, let's move this to the JBoss forum, and continue the discussion among the JBoss-savvy folks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: req.isUserInRole("admin"); return false??
 
Similar Threads
Certificate based security
authentication problem
403 access denied error
[jboss jaas] login-conf.xml configuration
Problems with FORM Authentication