geronimo-user mailing list archives

From Quintin Beukes <>
Subject Serious Problem with Roles
Date Mon, 16 Nov 2009 16:41:33 GMT

I basically have a bunch of roles which should each be mapped to
different combinations of a user's "GroupPrincipals". Something like

      <sec:role role-name="Lamp Room">
name="Lamp Room"/>
      <sec:role role-name="VDS User">
name="Lamp Room"/>
      <sec:role role-name="Personnel User">
name="Lamp Room"/>

This means that named roles are all assigned to a user of group "Lamp Room".

Though doing the following I don't see these "virtual roles", only the
actual group.

    Subject subject = ContextManager.getCurrentCaller();
    Set<Principal> principals = subject.getPrincipals();

I can see how this would be the case, though the following must
definitely work: isCallerInRole("Personnel Admin") or EVEN
isCallerInRole("Lamp Room"). They all return false.

If I have a method annotated with @RolesAllowed({"Personnel User"}),
then GeronimoSecurityService.isCallerAuthorized(Method method,
InterfaceType type) returns TRUE.
Though, GeronimoSecurityService.isCallerInRole(String role) returns
FALSE when I query isCallerInRole("Personnel User").

I assume somewhere the AccessControlContext isn't populated correctly?
I'm not really sure how this should work, so if someone can tell me
how this all fits together I can have a look.

Quintin Beukes
