geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Quintin Beukes <quin...@last.za.net>
Subject Serious Problem with Roles
Date Mon, 16 Nov 2009 16:41:33 GMT
Hey,

I basically have a bunch of roles which should each be mapped to
different combinations of a user's "GroupPrincipals". Something like
this:

      <sec:role role-name="Lamp Room">
        <sec:principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="Lamp Room"/>
      </sec:role>
      <sec:role role-name="VDS User">
        <sec:principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="Lamp Room"/>
      </sec:role>
      <sec:role role-name="Personnel User">
        <sec:principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="Lamp Room"/>
      </sec:role>

This means that named roles are all assigned to a user of group "Lamp Room".

Though doing the following I don't see these "virtual roles", only the
actual group.
    Subject subject = ContextManager.getCurrentCaller();
    Set<Principal> principals = subject.getPrincipals();

I can see how this would be the case, though the following must
definitely work: isCallerInRole("Personnel Admin") or EVEN
isCallerInRole("Lamp Room"). They all return false.

If I have a method annotated with @RolesAllowed({"Personnel User"}),
then GeronimoSecurityService.isCallerAuthorized(Method method,
InterfaceType typee) return TRUE.
Though, GeronimoSecurityService.isCallerInRole(String role) returns
FALSE when I query isCallerInRole("Personnel User").

I assume somewhere the AccessControlContext isn't populated correctly?
I'm not really sure how this should work, so if someone can tell me
how this all fits together I can have a look.

Quintin Beukes

Mime
View raw message