[jboss-dev-forums] [JBoss Portal Development] - Re: JBOSS Portal Security

saber zaier do-not-reply at jboss.com
Sun Oct 16 17:05:46 EDT 2011


saber zaier [http://community.jboss.org/people/spring] created the discussion

"Re: JBOSS Portal Security"

To view the discussion, visit: http://community.jboss.org/message/631968#631968

--------------------------------------------------------------
I resolved this problem in 2009; the answer was:

In the authentication module:
---------------------------------------

        // JACC context key under which the current servlet request is exposed
        String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest";
        HttpServletRequest request;
        String j_role = null;
        String j_user = null;
        String j_password = null;
        try {
            request = (HttpServletRequest) PolicyContext.getContext(WEB_REQUEST_KEY);

            // values submitted with the login form
            j_role = request.getParameter("j_role");
            j_user = request.getParameter("j_username");
            j_password = request.getParameter("j_password");
            this.callbackHandler = new customCallbackHandler(j_user, j_password, j_role);

        } catch (PolicyContextException e) {
            throw new FailedLoginException("Technical Error");
        }

In the customCallbackHandler class:
------------------------------------------------------

public class customCallbackHandler implements CallbackHandler {
    // ... (rest of the class omitted in the original post)
@Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {

        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof TextOutputCallback) {

                // display the message according to the specified type
                TextOutputCallback toc = (TextOutputCallback) callbacks[i];
                switch (toc.getMessageType()) {
                case TextOutputCallback.INFORMATION:
                    System.out.println(toc.getMessage());
                    break;
                case TextOutputCallback.ERROR:
                    System.out.println("ERROR: " + toc.getMessage());
                    break;
                case TextOutputCallback.WARNING:
                    System.out.println("WARNING: " + toc.getMessage());
                    break;
                default:
                    throw new IOException("Unsupported message type: "
                            + toc.getMessageType());
                }

            } else if (callbacks[i] instanceof TextInputCallback) {

                // supply the role as the text input
                TextInputCallback tic = (TextInputCallback) callbacks[i];
                tic.setText(role);

            } else if (callbacks[i] instanceof NameCallback) {

                // prompt the user for a username
                NameCallback nc = (NameCallback) callbacks[i];
                nc.setName(username);

            } else if (callbacks[i] instanceof PasswordCallback) {

                // prompt the user for sensitive information
                PasswordCallback pc = (PasswordCallback) callbacks[i];
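                // j_password may be absent from the request; avoid a NullPointerException
                pc.setPassword(password != null ? password.toCharArray() : null);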

            } else {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized Callback");
            }
        }

    }
}

In the view class:
--------------------------

public boolean isUserInRoleAdministrator() {

        FacesContext ctx = FacesContext.getCurrentInstance();
        Object request = ctx.getExternalContext().getRequest();
        // the role list is read from the session, whichever request type is in use
        if (request instanceof RenderRequest) {
            List<String> roles = (List<String>) ((RenderRequest) request).getPortletSession(false).getAttribute("roles");
            if (null != roles)
                return roles.contains(ADMINISTRATOR);
        } else if (request instanceof HttpServletRequest) {
            List<String> roles = (List<String>) ((HttpServletRequest) request).getSession(false).getAttribute(ATTRIBUTE_ROLES);
            if (null != roles)
                return roles.contains(ADMINISTRATOR);

        } else if (request instanceof ResourceRequest) {
            List<String> roles = (List<String>) ((ResourceRequest) request).getPortletSession().getAttribute("roles");
            if (null != roles)
                return roles.contains(ADMINISTRATOR);

        }
        // no role list found: not an administrator
        return false;
    }

public String getUserConnected() {
        if (null != FacesContext.getCurrentInstance().getExternalContext() && null != FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal())
            return FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal().getName();
        else
            return null;
    }
--------------------------------------------------------------
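
Added example (not part of the original post or of JBoss Portal code): the login module above takes j_role from a request parameter, which the client controls, so the code consuming the TextInputCallback has to check the requested role against roles granted on the server before it is stored in the session. The GRANTED map and the class and method names are hypothetical, and password verification is left out.

```java
import java.util.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;

public class RequestedRoleCheck {
    // Constructed sample data: roles granted server-side (stand-in for the real user store).
    static final Map<String, Set<String>> GRANTED = Map.of(
            "alice", Set.of("USER", "ADMINISTRATOR"),
            "bob", Set.of("USER"));

    // Collects the name and requested role through callbacks, as a login module would.
    static String resolveRole(CallbackHandler handler) throws Exception {
        NameCallback nc = new NameCallback("user: ");
        TextInputCallback tic = new TextInputCallback("role: ");
        handler.handle(new Callback[] { nc, tic });

        String user = nc.getName();
        String requested = tic.getText();
        Set<String> granted = GRANTED.getOrDefault(user == null ? "" : user, Set.of());
        // The requested role is only a selection among roles already granted;
        // anything else fails the login instead of reaching the session.
        if (requested == null || !granted.contains(requested)) {
            throw new FailedLoginException("Role not granted");
        }
        return requested;
    }

    // Minimal handler standing in for the post's customCallbackHandler.
    static CallbackHandler handlerFor(String user, String role) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof TextInputCallback) ((TextInputCallback) cb).setText(role);
                else throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
        };
    }

    public static void main(String[] args) throws Exception {
        System.out.println(resolveRole(handlerFor("alice", "ADMINISTRATOR")));
        try {
            resolveRole(handlerFor("bob", "ADMINISTRATOR"));
        } catch (FailedLoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```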
